Skip to content

title: Client-Side Attacks description: Client-side payloads and delivery chains targeting end-user applications: malicious Office macros, HTA files, evil PDFs and HTML smuggling.

Client-Side Attacks

Client-side payloads and delivery chains targeting end-user applications: malicious Office macros, HTA files, evil PDFs and HTML smuggling.

Contents

  • Evil PDF

    An Evil PDF is a pdf with malware inside.

  • HTML Application (HTA)

    An HTML Application (HTA) is a proprietary Windows program whose source code consists of HTML and one or more scripting languages supported by Internet Explorer (VBScript and JScript). The HTML is used to generate the u…

  • HTML Smuggling

    It is a discret delivery method of payloads. An attacker can embed a link in an email. When the victim reads the email and visits the webpage, js code will use html smuggling to automatically save the dropper file.

  • Microsoft Office Macros

    VBA is an implementation of Visual Basic that is very widely used with Microsoft Office applications - often used to enhance or augment functionality in Word and Excel for data processing etc.