Uploaded byMarketingCySourceLTD
14 views

Windows Shortcuts

Windows shortcuts can potentially be dangerous if their target or icon attributes are modified by a cybercriminal. A shortcut's target can be changed to point to malicious files like cmd.exe instead of the original target. The icon can also be modified to disguise the real target. For example, a shortcut could be crafted to pose as a document but actually execute commands when clicked, enabling attacks like getting remote access to the system. Users should avoid running shortcuts from untrusted sources without inspection.

Embed presentation

Download to read offline
The shortcuts of Windows can they be dangerous?
Shortcuts are files that point to other files. Through them, we can access a file without being in the same folder, for example.
If we open the properties of a shortcut file (.lnk), we can see some attributes that can be modified such as Run, Comment, Target, and Icon. All right so far, these attributes receive a value automatically as soon as you create a shortcut, for example: when you create a shortcut to a common .txt text file, the shortcut assumes the same icon as that file, but as we can see, it is possible to modify this icon to any other on our computer. What's more, we can also modify the target file, and save that information.
But then where does danger live?
At first, these attributes seem harmless, however, with the possibility to change the target file and shortcut icon to anyone on the machine, a cybercriminal can use these features of a shortcut file to create social engineering, let's see an example. But then where does danger live?
A shortcut was created on the desktop for the Documents folder, after which the Target attribute was changed to the cmd.exe path, in this way it is possible to execute commands on the system.
But see that the shortcut took over the cmd icon, that's not what we want, we can modify the icon to something more convincing, so we click Change Icon and choose an icon in the system. Now the shortcut doesn't point to Documents, but to cmd.exe which then executes a command on the machine. This can be used to get a reverse shell, or else do some damage to your computer.
It's like prevent?
Never run .lnk files downloaded from the internet without first analyzing them. For example, let's say you downloaded a .zip file and when you extract the file you find a shortcut to your Desktop. This shortcut could just be a malicious file, malware camouflaged as .lnk.

More Related Content

PDF
From velvet to silk there is still a lot of sweat
byStefano Maccaglia
 
PDF
Kealy OWASP interactive_artifacts
byFrank Victory
 
PDF
CNIT 152 12. Investigating Windows Systems (Part 3)
bySam Bowne
 
PPT
Hackers The Anarchists Of Our Time
byUtkarsh Sengar
 
PPTX
Slide 1 - Oklahoma State University - Welcome
bybutest
 
PDF
ESET India Cyber Threat Trends Report Q1
byESET_India
 
PDF
The case of the missing file extensions
byPete Beck
 
PPTX
Lateral Movement - Phreaknik 2016
byXavier Ashe
 
From velvet to silk there is still a lot of sweat
byStefano Maccaglia
 
Kealy OWASP interactive_artifacts
byFrank Victory
 
CNIT 152 12. Investigating Windows Systems (Part 3)
bySam Bowne
 
Hackers The Anarchists Of Our Time
byUtkarsh Sengar
 
Slide 1 - Oklahoma State University - Welcome
bybutest
 
ESET India Cyber Threat Trends Report Q1
byESET_India
 
The case of the missing file extensions
byPete Beck
 
Lateral Movement - Phreaknik 2016
byXavier Ashe
 

Similar to Windows Shortcuts

PDF
Batch File Programming
byFrz Khan
 
PPT
Batch file programming
byswapnil kapate
 
PPT
03 Windows Basics
byBuffalo Seminary
 
PPT
Lecture 12 malicious software
byrajakhurram
 
PDF
Email keeps getting us pwned - Avoiding Ransomware and malware
byMichael Gough
 
PPTX
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
byAvansa Mid- en Zuidwest
 
PDF
CNIT 121: 12 Investigating Windows Systems (Part 3)
bySam Bowne
 
PPTX
Client side attacks using PowerShell
byNikhil Mittal
 
PPT
Introduction To C D E
bymustafa.golam
 
PDF
Comment et pourquoi maîtriser les privilèges d’administrateur local sur Windo...
byIdentity Days
 
PPS
Power Point Lesson 08 P2
byNasir Jumani
 
PPT
Comp8.ppt
bybabababababbabbababa
 
PDF
When developer's api simplify user mode rootkits developing.
byYury Chemerkin
 
PDF
The process of computer security
byWritingHubUK
 
PPT
Green Hectares Rural Tech Workshop - Computer Basics
byGreen Hectares
 
PPTX
Pwning with powershell
byjaredhaight
 
PDF
Email keeps getting us pwned v1.0
byMichael Gough
 
PDF
Email keeps getting us pwned v1.1
byMichael Gough
 
PPTX
Security & Privacy - Lecture B
byCMDLearning
 
PPTX
Pace IT - Common Security Threats
byPace IT at Edmonds Community College
 
Batch File Programming
byFrz Khan
 
Batch file programming
byswapnil kapate
 
03 Windows Basics
byBuffalo Seminary
 
Lecture 12 malicious software
byrajakhurram
 
Email keeps getting us pwned - Avoiding Ransomware and malware
byMichael Gough
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
byAvansa Mid- en Zuidwest
 
CNIT 121: 12 Investigating Windows Systems (Part 3)
bySam Bowne
 
Client side attacks using PowerShell
byNikhil Mittal
 
Introduction To C D E
bymustafa.golam
 
Comment et pourquoi maîtriser les privilèges d’administrateur local sur Windo...
byIdentity Days
 
Power Point Lesson 08 P2
byNasir Jumani
 
Comp8.ppt
bybabababababbabbababa
 
When developer's api simplify user mode rootkits developing.
byYury Chemerkin
 
The process of computer security
byWritingHubUK
 
Green Hectares Rural Tech Workshop - Computer Basics
byGreen Hectares
 
Pwning with powershell
byjaredhaight
 
Email keeps getting us pwned v1.0
byMichael Gough
 
Email keeps getting us pwned v1.1
byMichael Gough
 
Security & Privacy - Lecture B
byCMDLearning
 
Pace IT - Common Security Threats
byPace IT at Edmonds Community College
 

More from MarketingCySourceLTD

PDF
O que é OSINT
byMarketingCySourceLTD
 
PDF
Atalhos do Windows podem ser perigosos?
byMarketingCySourceLTD
 
PDF
Cyber Career - Purple Team
byMarketingCySourceLTD
 
PDF
Dicas da semana - Mensagens
byMarketingCySourceLTD
 
PDF
Weekly tips - Credit Card
byMarketingCySourceLTD
 
PDF
Weekly - Tips
byMarketingCySourceLTD
 
PDF
O que faz um Purple Team?
byMarketingCySourceLTD
 
PDF
Post - Weekly tips 4.pdf
byMarketingCySourceLTD
 
PDF
Dicas da Semana CySource - Surfistas de ombro.pdf
byMarketingCySourceLTD
 
PDF
Dicas de Semana - Cartao de credito
byMarketingCySourceLTD
 
PDF
Post - Weekly tips 4 PTBR.pdf
byMarketingCySourceLTD
 
O que é OSINT
byMarketingCySourceLTD
 
Atalhos do Windows podem ser perigosos?
byMarketingCySourceLTD
 
Cyber Career - Purple Team
byMarketingCySourceLTD
 
Dicas da semana - Mensagens
byMarketingCySourceLTD
 
Weekly tips - Credit Card
byMarketingCySourceLTD
 
Weekly - Tips
byMarketingCySourceLTD
 
O que faz um Purple Team?
byMarketingCySourceLTD
 
Post - Weekly tips 4.pdf
byMarketingCySourceLTD
 
Dicas da Semana CySource - Surfistas de ombro.pdf
byMarketingCySourceLTD
 
Dicas de Semana - Cartao de credito
byMarketingCySourceLTD
 
Post - Weekly tips 4 PTBR.pdf
byMarketingCySourceLTD
 

Recently uploaded

PDF
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
PPTX
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknowtechs
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PPTX
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
PDF
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
Information about Trusted Platform Module(TPM)
bynewtoknowtechs
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 

Windows Shortcuts

  • 1.
    The shortcuts of Windows canthey be dangerous?
  • 2.
    Shortcuts are filesthat point to other files. Through them, we can access a file without being in the same folder, for example.
  • 3.
    If we openthe properties of a shortcut file (.lnk), we can see some attributes that can be modified such as Run, Comment, Target, and Icon. All right so far, these attributes receive a value automatically as soon as you create a shortcut, for example: when you create a shortcut to a common .txt text file, the shortcut assumes the same icon as that file, but as we can see, it is possible to modify this icon to any other on our computer. What's more, we can also modify the target file, and save that information.
  • 4.
    But then where doesdanger live?
  • 5.
    At first, theseattributes seem harmless, however, with the possibility to change the target file and shortcut icon to anyone on the machine, a cybercriminal can use these features of a shortcut file to create social engineering, let's see an example. But then where does danger live?
  • 6.
    A shortcut wascreated on the desktop for the Documents folder, after which the Target attribute was changed to the cmd.exe path, in this way it is possible to execute commands on the system.
  • 7.
    But see thatthe shortcut took over the cmd icon, that's not what we want, we can modify the icon to something more convincing, so we click Change Icon and choose an icon in the system. Now the shortcut doesn't point to Documents, but to cmd.exe which then executes a command on the machine. This can be used to get a reverse shell, or else do some damage to your computer.
  • 8.
  • 9.
    Never run .lnkfiles downloaded from the internet without first analyzing them. For example, let's say you downloaded a .zip file and when you extract the file you find a shortcut to your Desktop. This shortcut could just be a malicious file, malware camouflaged as .lnk.