Secondary Categories: 02 - Payloads 02 - Social Engineering Links: Search Tag:📕
Mark of the Web
Description:
When downloading a file from the internet the file will be give MOTW. You can check if the file has MOTW using Powershell with the following command:
PS C:\Users\bfarmer\Downloads> gc .\test.txt -Stream Zone.Identifier
[ZoneTransfer]
ZoneId=3
HostUrl=http://nickelviper.com/test.txtThe possible zones are:
- 0 ⇒ Local computer
- 1 ⇒ Local intranet
- 2 ⇒ Trusted sites
- 3 ⇒ Internet
- 4 ⇒ Restricted sites
Bypass
This can be usually avoided when packaging the file(s) in a container like one of the following
- ZIP
- ISO
- ISO → ZIP
Resources:
| Title | URL |
|---|---|
| place | holder |
Created Date: November 6th 2022 15:33
Last Modified Date: November 6th 2022 15:33