The Road to Hell is paved with EICAR

Or how to fuck with Windows Admins
(Last Update May 18th 2021)

The obvious ones – EICAR as:

User-Agent | See what Webserver is running Windows and AV
Password | See what crappy application is hosted on Windows and Stores Passwords in Cleartext
Eicar in Cookies | See some cookie monsters?
OS Username | If you are not on Windows obviously! Clusterbomb, see where your username gets stored as Metadata – like every Office Document – kind of a DLP :)
As Crypto transaction comment | In the blockchain forever! Ruin Coins for Windows Users!
Obvious Admin approved EICAR Usecases

Maybe less successful ones – EICAR as:

Spray EICAR against any Login Prompt as Username | See what Logfiles are stored and processed on Windows machines with AV
EICAR as TLS Certificate Alternate Name or Comment | See who processes TLS Certificates on Windows machines
EICAR as DNS Reverse Lookups | Anyone hosting SIEM on Windows?
EICAR as TXT/MX DNS Lookups | Mailsecurity on Windows? Logging of Mailsecurity on Windows?
Post EICAR in MS Teams Chats, Calls | Maybe they get delivered as mails or stored as chatlogs?
Inside Website Icon | Eicar as Icon – see recent vulnerabilities in Browser Icon Storage – Some browsers never clear Icon Cache?!
In as many social media Information Fields as possible | See who mines social media and works with the results in Excel? Shoot me!
In as many Azure as a Service thingies you can find? | Let's test how much cloud backend Microsoft still runs on Windows with AV?
HTML Comments – especially in every automatically generated CMS Page | Just for the kicks?
In Webpage Forms? | Any food delivery Comments? WARNING: DO NOT DO THIS IF YOU ARE ACTUALLY HUNGRY!
Webshops | Like in every single input field, if the Webserver is running on IIS?
OTP Token Entry field | Microsoft Azure Authenticator and Microsoft LDAP MFA Whatever Proxy?
WiFi SSID | SupplicAVnt?
EICAR as a Challenge
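
Seen from the receiving side: when an AV alert points at a web server log, a check like the one below shows which request field carried the test string and which client sent it, including percent-encoded and backslash-escaped copies. This is an added example, not part of the original post; the "combined" access-log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# The 68-character test string quoted on the page, assembled from pieces so
# this source file does not contain it as one contiguous string.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-" + "ANTIVIRUS-TEST-FILE!$H+H*"

# Assumed log layout: Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"'
)

def normalise(value):
    """Undo percent-encoding and the log writer's doubled backslashes."""
    return unquote(value).replace("\\\\", "\\")

def eicar_fields(line):
    """Return (client_ip, [fields carrying the test string]) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    hits = [name for name in ("user", "request", "referer", "user_agent")
            if EICAR in normalise(m.group(name))]
    return (m.group("ip"), hits) if hits else None

def scan(lines):
    """Map 1-based line numbers to (client_ip, fields) for every hit."""
    return {n: hit for n, line in enumerate(lines, 1)
            if (hit := eicar_fields(line))}

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [18/May/2021:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'192.0.2.44 - - [18/May/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "{EICAR}"',
    f'198.51.100.7 - - [18/May/2021:10:00:02 +0000] "GET /search?q={quote(EICAR, safe="")} '
    'HTTP/1.1" 200 90 "-" "curl/7.76.1"',
    '203.0.113.5 - ' + EICAR.replace("\\", "\\\\")
    + ' [18/May/2021:10:00:03 +0000] "POST /login HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, (ip, fields) in scan(SAMPLE).items():
        print(f"line {lineno}: test string from {ip} in {', '.join(fields)}")
```
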

Stupid Stuff – Eicar as:

Inside Games, Chats, Items, Character Names | Gameserver Backend on Windows?
Bumper Sticker | OCR on the Road – or what crazy person is storing car camera Images/OCR on Windows?
As a banking transaction comment | HELL NO! DON'T DO THIS!
YOLO

Disclaimer

Do not do this at work, or anywhere without permission!
If you have to do this, do it in VMs and Safe Environments for testing!
It may not be illegal to use EICAR as a string, but it sure will be illegal to willingly and knowingly use EICAR to cause harm.

Regards
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

About SebastianB
