research poc
GrimResource: Novel MSC File Technique for Initial Access and EvasionGrimResource
Elastic Security Labs discovered a new in-the-wild technique, GrimResource, that uses specially crafted MSC files to execute arbitrary code in Microsoft Management Console (mmc.exe) with minimal warnings. The technique exploits an old XSS vulnerability in apds.dll and combines it with DotNetToJScript to achieve code execution, evading static detection. It was used to deliver Cobalt Strike via a stealthy .NET loader called PASTALOADER.