• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

All You Need Is One: A-Click-Once-Love-Story

ClickOnce is a deployment solution that enables fast, easy delivery of packaged software. It is commonly used by organizations to deploy both internal and production-grade software packages along with their respective updates. By allowing end-users to accept the requested permissions of the software package without the intervention of an administrator, ClickOnce simplifies the deployment and use of robust software solutions.
It also provides an excellent opportunity for malicious actors to establish a foothold in your network.
In this talk, we will discuss how we combined ClickOnce technology and existing phishing techniques into a new methodology for establishing an initial presence in an environment. By minimizing user interaction, we only require that the user is fooled for “one click” – after that, we already have a foothold in their environment and are ready to pivot and escalate further.

Key learning points:
  • ClickOnce is a commonly deployed technology in enterprise environments
  • Malicious actors can exploit ClickOnce to establish initial unauthorized access
  • Configuration-based controls exist to mitigate this attack vector

About Ryan Gandrud

Ryan has a B.S. in computer science from North Dakota State University. He has done work in the Information Technology, Healthcare, Financial Services, and Information Security industries. Ryan’s primary knowledge base includes network, web application, and thick application penetration testing with extensive knowledge in email phishing.

About Cody Wass

Cody graduated from North Dakota State University with a degree in Computer Science. He fiddles with web applications and struggles with IDA in his spare time, usually while enjoying a glass of single malt scotch.

Primary Sidebar

Details

Tuesday May 12, 2015
1:30 PM - 2:30 PM
Room 13
Level: Intermediate
Focus: Cybersecurity,

Share this page

Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Buffer this page
Buffer
Email this to someone
email

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.