Skip to content
NVISO Labs

NVISO Labs

Cyber security research, straight from the lab! 🐀

  • twitter
  • linkedin
  • mail us
  • our company
  • SSO
  • All
  • Blue Team
  • Cloud Security
    • AWS
    • Azure
    • GCP
    • Microsoft 365
  • Awareness
  • Forensics
  • Other
    • Application Security
    • IoT Security
    • Web Security
    • Industrial Security
    • Mobile Security
    • Cyber Strategy
    • Purple Team
    • Red Team
    • Events

Category: OneNote

OneNote Embedded URL Abuse

OneNote Embedded URL Abuse

Whilst Microsoft is fixing the embedded files feature in OneNote I decided to abuse a whole other feature. Embedded URLs. Turns out this is something they may also have to fix.

Nicholas Dhaeyer Cyber Threats, Maldoc, phishing, Malware, SOC, Threat Hunting, Blue Team, Qbot, OneNote 4 Comments March 27, 2023April 26, 2023 5 Minutes

OneNote Embedded file abuse

In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of malware delivery and create a detection rule for it.

Nicholas Dhaeyer Blue Team, Detection Engineering, Qbot, Cyber Threats, OneNote, Maldoc, Malware, phishing, Reverse Engineering, Threat Hunting 4 Comments February 27, 2023July 18, 2023 8 Minutes
NVISO Homepage
Services
Jobs
Blog
Info and support
info@nviso.eu
Got hacked?
csirt@nviso.eu