A Chain Is No Stronger Than Its Weakest LNK
David French at BSidesSLC 2020
Attackers continue to abuse Windows shortcut (LNK) files to gain initial access to their targeted networks, maintain persistence, and execute malicious scripts. This presentation will familiarize practitioners with the ways in which adversaries abuse LNK files, why detection rates for malicious LNK files are so poor, and provide them with the knowledge to hunt for and detect this behavior in their environment.