Source: Outflank Blog

Will the real #GrimResource please stand up? - Abusing the MSC file format

In this blog post we describe how the MSC file format can be leveraged to execute arbitrary code via MMC (Microsoft Management Console) for initial access or lateral movement purposes. A sample payload that implements this technique was publicly shared recently. This sample was generated using our Outflank Security Tooling (OST) offering and hence we decided to publish additional details on this method and its discovery.

Context of this blog post

Recently, Elastic released details on a new initial access vector technique leveraging MSC files, which they dubbed "GrimResource". These files can be used to execute code within MMC (Microsoft Management Console). This technique was researched and developed by Outflank as part of the Outflank Security Tooling (OST) toolkit. The analyzed sample was a payload generated using our In-Phase Builder,
