
NahamSec and Jacobe Discuss Advanced Hacking Technique Using Windows Shortcuts
In this video, NahamSec and Jacobe discuss an advanced hacking technique involving Windows shortcuts, known as link files. These files, normally used to launch applications such as web browsers or games, can be manipulated to execute malicious code without the user having to click on anything. The method lets an attacker steal passwords and gain unauthorized access to a system.

One of the key points of the discussion is how link files can be manipulated to execute arbitrary code. Jacobe explains that, unlike a previous method that required physical access to the target machine, a more realistic approach is to trick the victim into downloading a malicious file. This file, disguised as an image or another harmless-looking file type, actually contains a shortcut that executes code in the background. That code can include a reverse shell, giving the attacker remote control of the machine.

To get around the size limit on shortcut properties, Jacobe uses an API call to generate the reverse-shell code on the fly, which sidesteps the size restriction and makes the attack more flexible. To mask the origin of the API call, he routes it through Cloudflare Workers, which act as a reverse proxy and make the attack harder to detect and trace.

The video also covers the practical implications of the technique. Placing a malicious shortcut in the startup folder ensures the malicious code runs every time the system starts, and folder exclusions in the security settings can be used to bypass certain antivirus protections.

Another notable part of the video is a demonstration of stealing NTLM hashes without any user interaction. By modifying the internal structure of a link file so that it points to an SMB share, the system can be forced to attempt an SMB connection, leaking NTLM hashes in the process. This is what makes the technique so powerful: no click is required; a right-click, or simply browsing the directory that contains the file, is enough for the hashes to be stolen.

Finally, the video closes with a discussion of protective measures against this class of attack. Advanced security solutions such as "ring fencing" can block malicious connections before they are established, which underscores the importance of robust protections and of understanding potential attack vectors in order to defend against them. To learn more and see the full demonstration, watch the video here: https://www.youtube.com/watch?v=JKK24EEpSDo
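As an added, defender-side example (not code from the video or its presenters): a small Python scanner for the no-click NTLM leak described above. It parses the StringData section of a .lnk file and flags any field (icon location, working directory, arguments, relative path) that points at a UNC path, which is what a shortcut must contain for Explorer to reach out to an SMB share while merely rendering it. The fixture builder, the file names and the `EXAMPLE-HOST` name are constructed for testing and are not values from the page.

```python
import struct

LNK_MAGIC = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1): which optional structures follow the header
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields (name, paths, arguments, icon) of a .lnk file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != LNK_MAGIC \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C                                   # ShellLinkHeader is always 76 bytes
    if flags & HAS_ID_LIST:                      # LinkTargetIDList: 2-byte size, then items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfo: 4-byte size that counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, key in STRING_FIELDS:               # each block: 2-byte char count + chars
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + count * width]
        fields[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += 2 + count * width
    return fields

def find_unc_references(data: bytes) -> list:
    """Flag StringData fields pointing at a UNC path; the icon field is the classic
    no-click case, since Explorer resolves it just to draw the icon."""
    return [(k, v) for k, v in parse_lnk_strings(data).items() if v.startswith("\\\\")]

def build_lnk(strings: dict) -> bytes:
    """Constructed test fixture: a minimal Unicode .lnk holding only the given
    StringData fields, with no IDList or LinkInfo (sizes are computed, not real)."""
    flags, body = IS_UNICODE, b""
    for bit, key in STRING_FIELDS:
        if key in strings:
            encoded = strings[key].encode("utf-16-le")
            flags |= bit
            body += struct.pack("<H", len(encoded) // 2) + encoded
    header = struct.pack("<I", LNK_MAGIC) + LNK_CLSID + struct.pack("<I", flags)
    return header + b"\x00" * (0x4C - len(header)) + body

if __name__ == "__main__":
    sample = build_lnk({"name": "holiday.jpg", "icon_location": r"\\EXAMPLE-HOST\share\icon.ico"})
    print(find_unc_references(sample))   # -> [('icon_location', '\\\\EXAMPLE-HOST\\share\\icon.ico')]
```

The scanner only reads StringData; a production check should also walk the ExtraData blocks at the end of the file (for example the IconEnvironmentDataBlock), which can carry a UNC path as well, and should be run over user-writable startup folders where the video's persistence trick places the shortcut.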