Neurohazard
Our democracy have been h4ck3d.

File Name Spoofing with Unicode RLO

wpadmin~June 17, 2018 /InfoSec

Unicode RLO

Example

Excerpted from
Write-up of an APT simulated-attack lab from a Trend Micro training session

Original file name
cod.esicrACE202.Exe

Insert RLO at the beginning of the file name
exE.202ECArcise.doc

Insert LRO between 202ECA and rcise
ACE202.Exercise.doc
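
A defender-side check for the trick shown above, as an added example that is not part of the original post: it flags bidi control characters (RLO is U+202E, LRO is U+202D) in a stored file name and reports the extension taken from the stored order rather than from the rendered text. The stored order of the first sample is inferred from the steps above; the second sample name and the RISKY_EXTENSIONS policy list are assumptions.

```python
import os

# Bidirectional control characters defined by Unicode (UAX #9).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}

# Assumption: local policy list of extensions treated as executable.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

# Constructed samples. The first is the page's file name in stored order,
# inferred from the steps above: RLO + "cod.esicr" + LRO + "ACE202.Exe".
SAMPLES = ["\u202ecod.esicr\u202dACE202.Exe", "report-2018.doc"]


def inspect_filename(name):
    """Flag bidi controls and report the extension from the stored order."""
    controls = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name)
                if ch in BIDI_CONTROLS]
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # The extension comes from the stored characters, not the rendered text.
    real_ext = os.path.splitext(name)[1].lower()
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),  # safe to log
        "controls": controls,
        "stripped": stripped,
        "real_extension": real_ext,
        "risky": bool(controls) and real_ext in RISKY_EXTENSIONS,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        report = inspect_filename(sample)
        verdict = "ALERT" if report["risky"] else (
            "review" if report["controls"] else "ok")
        print(verdict, report["escaped"], report["real_extension"],
              report["controls"])
```

Logging the `escaped` form keeps the control characters visible in alerts instead of letting the log viewer render them.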

Related material

The use of Unicode control characters in payload delivery
http://blkstone.github.io/2016/01/21/unicode-payload-delivery/

Write-up of an APT simulated-attack lab from a Trend Micro training session
https://paper.tuisec.win/detail/cd6536f96b1d799
https://blog.donot.me/end-beijing/
