Malware Powered by Windows 11 No-Code

Abstract

Windows 11 includes a handy feature called Power Automate Desktop, which lets users automate mundane tasks. In a nutshell, users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all of the user's machines, executed successfully, and reported back to the cloud. You can probably already see where this is going.

We will show how Power Automate Desktop can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data, all while using nothing but signed executables baked into Windows and Office cloud services.

We will then take you behind the scenes and explore how this service works and what attack surface it exposes on the machine and in the cloud. We will also point out a few promising future research directions for the community to pursue.

Finally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it to your Red Team arsenal and try out your own ideas.


Speaker Information


Michael Bargury

Michael Bargury is a cyber security expert interested in cloud, SaaS and AppSec. Michael is the Co-Founder and CTO of Zenity, the first security company to protect low-code/no-code applications. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC and confidential computing. Michael holds 15 patents in the field of cyber security and has a BSc in Mathematics and Computer Science from Tel Aviv University. He is currently leading the OWASP community effort on low-code/no-code security, and writes about it regularly on DarkReading.
