Browsers’ cache smuggling
ID: 0b0de784-8eb3-50ee-a666-0f35d7e8a799
STIX ID: report--0b0de784-8eb3-50ee-a666-0f35d7e8a799
Feed Name: SensePost Blog
This report documents a technique termed "browser cache smuggling", in which an attacker coerces a browser into caching malicious DLL/EXE files (by overriding MIME types and adding identifying HTTP headers) and then social-engineers a user into running benign-looking PowerShell or batch commands that locate the cached payload and execute or relocate it (including DLL side-loading via OneDrive). The write-up includes Nginx configuration examples, msfvenom payload creation, PowerShell extraction and run one-liners for Firefox and Chrome, and observations that Defender does not scan cached files.
