New Abuse of the ClickOnce Technology, Part 2: Stop Threat Actors from Clicking Once and Staying Forever
ID: ef395941-af72-5b23-afb6-8001f5535003
STIX ID: report--ef395941-af72-5b23-afb6-8001f5535003
Feed Name: Crowdstrike Blog
Threat Score
This blog analyzes security risks in Microsoft ClickOnce deployments, detailing how attackers can abuse .application/.appref-ms files, exploit update mechanisms for stealthy payload delivery and persistence, trojanize signed dependencies to evade checks, and discloses a newly identified COM hijacking attack surface; it also outlines detection strategies and mentions CrowdStrike Falcon detection capabilities.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
