Browser Cache Smuggling: the return of the dropper
ID: 76c0f3c6-0778-5490-8aca-5c57f8dbf39f
STIX ID: report--76c0f3c6-0778-5490-8aca-5c57f8dbf39f
Feed Name: SensePost Blog
This blog post demonstrates how an attacker can weaponise "Browser Cache Smuggling": a proxy DLL is dropped into the browser cache, moved into the user's localappdata, and loaded via DLL search order in per-user installations of Teams/OneDrive, establishing covert C2 over legitimate HTTPS channels. The author provides a PoC and discusses opsec considerations. Recommended mitigations include restricting scripting, avoiding installs in localappdata, enforcing signed PowerShell execution, configuring Chrome to clear its cache on exit via GPO, and creating detection rules that alert on non-browser processes accessing the browser cache.
