Malicious Outlook Rule without an EXE

 Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an email with a certain subject line is received. The executable establishes a command and control (C2) session with the attacker’s server. On a recent […]

Read the entire post here