How threat actors spread malware using ClickOnce
placeholder
This post is divided in the following sections:
Intro
placeholder
References
[1] https://www.zscaler.com/blogs/security-research/abusing-clickonce
[2] https://www.zscaler.com/blogs/security-research/stolen-code-signing-certificates-are-your-worst-nightmare
[3] https://blog.redxorblue.com/2020/07/one-click-to-compromise-fun-with.html
[4] https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
[5] https://github.com/0xthirteen/AssemblyHunter
tags: #other