sysmon-config icon indicating copy to clipboard operation
sysmon-config copied to clipboard

Published 20 hours ago verified publisher icon SwiftOnSecurity

Outlook Webview URL changes

Open humpalum opened this issue 3 years ago • 0 comments

Matches registry events that changes the URL value for the WebView of Outlook which could enable persistence for hackers.

Ref: https://speakerdeck.com/heirhabarov/hunting-for-persistence-via-microsoft-exchange-server-or-outlook?slide=70

humpalum avatar Jun 14 '21 11:06 humpalum