BSidesVienna 0x7E9

P'atrick Pong<br>atz

i love javascript, for example i love running javascript in image tags like <img src="https://leberkas.club/favicon.ico" onerror="javascript:alert(1)" onload="javascript:alert(1)"></img> or svgs like <svg onload=alert('XSS')><svg>

<style><img src="data:," onerror="alert(1)">

<scr\<script>ipt>alert(1)</scr\<script>ipt>


Sessions

11-22
13:05
60min
How To Breach: From Unconventional Initial Access Vectors To Modern Lateral Movement
Benjamin Floriani, P'atrick Pong<br>atz

The perpetual cat-and-mouse game between attackers and defenders has
pushed offensive security operators to innovate. While enterprise security
teams have become adept at identifying and blocking malicious Office
documents, suspicious executables, and known phishing URLs, a significant
blind spot often remains: the gray area of "benign" file formats that are
implicitly trusted by both users and security tools. This talk will arm
attendees with the knowledge to identify and leverage these blind spots in
red team engagements.

We will begin by exploring the strategic shift from noisy, high-volume
attacks to stealthy, low-profile techniques designed to circumvent modern
EDR, email gateways, and web proxies. We'll discuss why certain file types
and delivery mechanisms succeed where others fail, focusing on the
technical elements that make them effective. This includes exploiting the
browser's rendering engine and abusing features in file formats that were
never intended for malicious use. The main part of the presentation is a
detailed, step-by-step walkthrough of an attack chain using a weaponized
SVG image, infecting a user with malware and spreading laterally with
Intune.

We will demonstrate the entire attack chain:

-) Crafting the Lure: Creating a malicious SVG that, when opened, executes
the malicious content.
-) Delivery & Execution: Discussing methods for delivering the payload and
giving alternatives to SVG images.
-) Infection & Lateral Movement: Showcasing how the malware gets executed
and how Microsoft Intune can be used afterwards to move laterally through
the network.

Beyond the SVG case study, we will briefly cover other unconventional
vectors to broaden the audience's perspective.
Attendees will leave this session with a new arsenal of TTPs. Red teamers
will learn how to build more sophisticated and evasive initial access
campaigns. Blue teamers and defenders will gain insights into these
emerging threats, learning what artifacts to hunt for.
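As a defender-side illustration of the artifacts mentioned above, here is an added example (not material from the talk or its speakers) that scans an SVG's text for the constructs that let it run script when rendered: inline script elements, on* event handlers, javascript: URIs, foreignObject and data:text/html references. The regexes are tolerant of unquoted attributes because malformed lures often would not survive a strict XML parser; the sample inputs are constructed.

```python
import re
from typing import List

# Constructs that give an SVG a code-execution path in a browser or
# browser-based viewer. Matched with tolerant regexes rather than an XML
# parser, so unquoted attributes and sloppy markup are still caught.
_INDICATORS = {
    "script-element": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript-uri": re.compile(
        r"(?:href|src|xlink:href)\s*=\s*['\"]?\s*javascript:", re.I),
    "foreignobject": re.compile(r"<\s*foreignObject\b", re.I),
    "data-uri-html": re.compile(r"data:text/html", re.I),
    # An external fetch is not code execution by itself, but it is a useful
    # hunting note (beaconing / remote lure content).
    "external-ref": re.compile(
        r"(?:href|src|xlink:href)\s*=\s*['\"]?\s*https?://", re.I),
}

# Indicators that mean the file can execute script, not merely load a resource.
_EXECUTION = {"script-element", "event-handler", "javascript-uri",
              "foreignobject", "data-uri-html"}


def scan_svg(text: str) -> List[str]:
    """Return the names of every indicator present in the SVG text."""
    return [name for name, rx in _INDICATORS.items() if rx.search(text)]


def is_high_risk(text: str) -> bool:
    """True when at least one script-capable construct is present."""
    return bool(set(scan_svg(text)) & _EXECUTION)


# Constructed samples (not real lures) for a quick self-check.
BENIGN = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          '<circle cx="5" cy="5" r="4"/></svg>')
LURE = ("<svg xmlns='http://www.w3.org/2000/svg' onload=\"alert(1)\">"
        "<script>alert(1)</script></svg>")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("lure", LURE)):
        print(label, scan_svg(sample), "high-risk" if is_high_risk(sample) else "ok")
```

In practice the same check would be run on mail attachments and on files written to a user's Downloads folder, with the "external-ref" hit kept as context rather than as a block decision on its own.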

Main Track
Main Room