AppLocker Bypass – CMSTP

2018-05-10T07:01:49
ID PENTESTLAB:992F7A643B57EBF03DD3B2872531EFBE
Type pentestlab
Reporter netbiosX
Modified 2018-05-10T07:01:49

Description

CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files which can be weaponised with malicious commands in order to execute arbitrary code in the form of scriptlets (SCT) and DLL. It is a trusted Microsoft binary which is located in the following two Windows directories. AppLocker […]