Learn
active
CrowdStrike: ClickOnce Deployment Abuse — Part 1 Inner Workings
- Engineer — Learn: Part 1 is foundational research on how ClickOnce deployment can be weaponized as an initial-access vector; no patch or config action today, but engineers supporting Windows app delivery should understand the attack surface before Part 2 drops with exploitation specifics.
- SOC/IR — Learn: Builds triage context for ClickOnce-based delivery chains; hold detection engineering work until Part 2, which is expected to cover observable behaviors and threat-actor abuse patterns.
- Leader — Skip
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.