Dirty zipping
'Dirty zipping' is the method of using SFX archives (a self-extracting archive type) to 'disguise' a file, such as a malicious payload, within a medium such as an image, through a roundabout form of steganography; the result is a 'dirty zip'.
When the victim of a dirty zip attack opens a seemingly harmless file (the image in this example), they'll be shown the image, but in the background a payload will execute.
This method can be achieved through software such as WinRAR and 7-Zip.
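A defender-side check for the kind of file described above, as an added example that is not part of the original entry: it flags a Windows executable that carries an embedded RAR or 7z archive (the shape of an SFX file) while its name suggests an image. The file names, the list of image extensions and the sample bytes are constructed for illustration, and the signature scan is a heuristic rather than a full parser.

```python
import struct

# Archive signatures that follow the executable stub in RAR and 7z SFX files.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR4",
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
IMAGE_HINTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")  # assumed list

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def inspect(name: str, data: bytes) -> dict:
    """Classify one file from its name and raw bytes."""
    pe = is_pe(data)
    # Only look for archive data when the container is itself executable.
    found = sorted({label for magic, label in ARCHIVE_MAGICS.items()
                    if pe and data.find(magic, 0x40) != -1})
    image_named = any(hint in name.lower() for hint in IMAGE_HINTS)
    return {"is_pe": pe, "archives": found, "sfx": bool(found),
            "suspicious": bool(found) and image_named}

def _stub() -> bytes:
    """Constructed minimal MZ/PE header; not a runnable program."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 32

# Constructed samples: (file name, bytes)
SAMPLES = [
    ("holiday.jpg.exe", _stub() + b"Rar!\x1a\x07\x01\x00" + b"\x00" * 8),
    ("backup.exe", _stub() + b"7z\xbc\xaf\x27\x1c" + b"\x00" * 8),
    ("tool.exe", _stub()),
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, inspect(name, data))
```

Legitimate installers are also SFX executables, so the `sfx` field alone is informational; the `suspicious` field is the one worth alerting on.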
Person 1: I launched the reverse shell payload on the victim.
Person 2: How did you go about that?
Person 1: Just did some Dirty zipping and put it on a USB which I dropped near their front door. Curiosity took hold and the payload self-extracted in the background when the victim wanted to view the picture on the USB.
Person 2: Sneaky!