Another "old but gold" little trick, harkening back to @mubix's blog post waaay back in 2013: "Stealing passwords every time they change" -- creating a Password Filter & adding it to Windows Registry. A clever persistence trick to exfiltrate credz. Video: youtu.be/DhP2Hw-6DgY

@JohnHammond

1.) Since you're already getting a UAC this dll could be installed via an installer that also registers the dll, correct?
2.) So, since this evades A/V as part of native Windows functionality, I feel like it would be useful to create some kind of hook to notify the user/DC/or IT Admin if that registry key is changed, or a new listener dll is registered with? (And perhaps a list of any other similar keys that exist offering the same perceived level of exploitation)
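
The monitoring idea raised in the reply above, as an added example that is not part of the original thread: a baseline check of the LSA `Notification Packages` value, which is where Windows documents password filter DLLs as being registered. The baseline file path is a hypothetical location chosen for this example.

```powershell
# Added example: report changes to the LSA password-filter registration list.
$LsaKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName    = 'Notification Packages'
$BaselinePath = 'C:\ProgramData\LsaBaseline\notification-packages.txt'  # hypothetical path

function Get-NotificationPackages {
    # REG_MULTI_SZ is returned as a string array; drop blanks and normalise case.
    $raw = (Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction Stop).$ValueName
    @($raw | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
}

function Compare-PackageList {
    param([string[]]$Baseline, [string[]]$Current)
    [pscustomobject]@{
        Added   = @($Current  | Where-Object { $_ -notin $Baseline })
        Removed = @($Baseline | Where-Object { $_ -notin $Current })
    }
}

$current = Get-NotificationPackages

if (-not (Test-Path $BaselinePath)) {
    # First run: record the current state. Review it by hand before trusting it.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Set-Content -Path $BaselinePath
    Write-Output "Baseline written: $($current -join ', ')"
    return
}

$baseline = @(Get-Content -Path $BaselinePath | Where-Object { $_ })
$diff = Compare-PackageList -Baseline $baseline -Current $current

foreach ($name in $diff.Added) {
    # Entries are bare DLL names resolved from System32, so check that file's signature.
    $dll = Join-Path $env:SystemRoot "System32\$name.dll"
    $sig = if (Test-Path $dll) { (Get-AuthenticodeSignature $dll).Status } else { 'FileNotFound' }
    Write-Warning "New LSA notification package '$name' (file: $dll, signature: $sig)"
}
foreach ($name in $diff.Removed) {
    Write-Warning "LSA notification package removed: '$name'"
}
if (-not $diff.Added -and -not $diff.Removed) {
    Write-Output 'Notification Packages matches baseline.'
}
```

Run from a scheduled task on domain controllers and workstations, this flags any new entry between runs. For alerting at the moment of change, registry auditing on the same key (a SACL producing Security event 4657) covers the same value.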