#Remote

<p><a href="https://1.bp.blogspot.com/-p5_2_IEv9P8/YUuqKRcI1rI/AAAAAAAAvSg/hsnZHGNuRTEP9G-_v8lbWCSQYvVXbj3XQCNcBGAsYHQ/s1350/QueenSono_2_qssono-trunc.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="571" data-original-width="1350" height="270" src="https://1.bp.blogspot.com/-p5_2_IEv9P8/YUuqKRcI1rI/AAAAAAAAvSg/hsnZHGNuRTEP9G-_v8lbWCSQYvVXbj3XQCNcBGAsYHQ/w640-h270/QueenSono_2_qssono-trunc.gif" width="640" /></a></p><div><br /></div> <p style="text-align: left;"> QueenSono tool only relies on the fact that ICMP protocol isn't monitored. It is quite common. It could also been used within a system with basic ICMP inspection (ie. frequency and content length watcher). Try to imitate <a href="https://github.com/ytisf/PyExfil" rel="nofollow" target="_blank" title="PyExfil">PyExfil</a> (and others) with the idea that the target machine does not necessary have python installed (so provide a binary could be useful)</p...

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/s1473/CVE-2021-40444_3_calc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="820" data-original-width="1473" height="356" src="https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/w640-h356/CVE-2021-40444_3_calc.png" width="640" /></a></div><p><br /></p><p>Malicious docx <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="generator">generator</a> to exploit CVE-2021-40444 (Microsoft Office Word <a href="https://www.kitploit.com/search/label/Remote" target="_blank" title="Remote">Remote</a> Code Execution)</p><span><a name='more'></a></span><p><br /></p><p>Creation of this Script is based on some <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_...