Some unintelligent fun with ms-notepad protocol
ATT&CK techniques detected
T1574.001DLL
98%
"some unintelligent fun with ms - notepad protocol in my previous post i have provided a list of ‘ new ’ protocols i noticed in the latest windows 11 build. one that immediately caught my attention was “ ms - notepad : / / ”. you can use it to launch notepad via “ ms - notepad : /…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1574.001DLL
85%
"##m9vymfylnr4dcagica = one can then launch notepad with a testing argument from a command line or via a protocol handler : notepad / testing : zmlsztovly4uxc4uxc4uxhrlc3rczm9vymfylnr4dcagica = ms - notepad : / / / testing : zmlsztovly4uxc4uxc4uxhrlc3rczm9vymfylnr4dcagica = in bot…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1574.001DLL
39%
"in a html file and open in f. ex. microsoft edge, and then click the link, you will see notepad trying to open the following files : - c : \ users \ < user > \ ms - notepad :.. % 5c.. % 5c.. % 5cfoobar. txt \ - c : \ users \ < user > \ ms - notepad :.. % 5c.. % 5c.. % 5cfoobar. t…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In my previous post I have provided a list of ‘new’ protocols I noticed in the latest Windows 11 build. One that immediately caught my attention was “ms-notepad://”. You can use it to launch Notepad via “ms-notepad://<filename>” links and it … Continue reading