Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution

The contents of this blogpost was written by Nick Powers (@zyn3rgy) and Steven Flores (@0xthirteen), and is a written version of the content presented at Defcon30.

With the barrier to entry for initial access ever increasing, we spent some time digging into potentially lesser-known weaponization options for ClickOnce deployments. A few of the hurdles we’d like to overcome by implementing these weaponization options include:

• Install / execute application without administrative privileges


• Reputable, known-good file(s) used …

access clickonce code code execution entry initial access nick options phishing research smartscreen version written