NVISO Labs

Cyber security research, straight from the lab! 🐀

Series: OneNote as a Malware delivery platform

OneNote can be used to deliver malware. This series shows how OneNote can be abused and how you can protect your environment against this attack technique.

OneNote Embedded URL Abuse

Whilst Microsoft is fixing the embedded files feature in OneNote, I decided to abuse a whole other feature: embedded URLs. Turns out this is something they may also have to fix.

Nicholas Dhaeyer | SOC, Threat Hunting, Blue Team, Qbot, OneNote, Cyber Threats, Maldoc, phishing, Malware | 3 Comments | March 27, 2023 / March 26, 2023 | 5 Minutes

OneNote Embedded file abuse

In recent weeks, OneNote has gotten a lot of media attention as threat actors are abusing its embedded files feature in their phishing campaigns. In this post we will analyze this new way of malware delivery and create a detection rule for it.

Nicholas Dhaeyer | Cyber Threats, Maldoc, Malware, phishing, Reverse Engineering, Threat Hunting, Detection Engineering, Qbot, OneNote | 4 Comments | February 27, 2023 / March 12, 2023 | 8 Minutes