Posts

Showing posts from January, 2024

Weaponizing Windows Shortcuts.

Creating a Polyglot

This post covers creating a .lnk file that runs some additional code (an .hta in this instance) as well as the original expected .exe, a Chrome browser in this example. First, an attacker would create a generic .hta file using Notepad or a related app.

The main idea here is that the target property of icon files has a character limit, so running the code there is out of the question. But if adversaries can create a polyglot file that runs both an .hta and an .exe, the user can be fooled into thinking nothing else is going on in the background.

Strangely enough, .lnk files are not affected, nor do they react adversely, when they are opened in an editor and extra code is added to the bottom of the file. Essentially, this gives us the space we need to create a polyglot and bypass the aforementioned character limit. The second critical piece of the polyglot is going to have to be another f...