New Pen Test Tool Tricks Targets with Microsoft WCX Files

  /     /     /  
Publicated : 23/11/2024   Category : security


New Pen Test Tool Tricks Targets with Microsoft WCX Files


The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.



A new open-source penetration testing tool, dubbed Firework, will let pen testers collect sensitive data by tricking their targets into opening Microsoft WCX files.
Firework is a Python-based tool designed to find weak spots in enterprise security practices, and address the issue of social engineering tactics in corporate network breaches. It leverages these techniques to get targets to open a WCX file, which can be used to configure a Microsoft Workplace on a system and grant an attacker remote access.
An attacker could leverage the Workspace functionality to deploy a malicious application or desktop as part of a larger social engineering campaign. This could have broader implications; for example, data loss in the event that local resources are mapped to an attackers terminal server.
Once the target opens the file, the tool links to Firework, gathers credentials (including password hashes), and offers resources that were set up in the file, such as links to potentially malicious Office documents or a remote desktop environment that the pen tester controls.
Read more details
here
.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Pen Test Tool Tricks Targets with Microsoft WCX Files