"New Specula Tool Uses Outlook for Remote Code Execution in Windows"

The new red team post-exploitation framework "Specula," released by the cybersecurity company TrustedSec, uses Microsoft Outlook as a Command-and-Control (C2) beacon for Remote Code Execution (RCE). The C2 framework creates a custom Outlook Home Page using WebView by exploiting an Outlook security feature bypass vulnerability patched in October 2017. This article continues to discuss the new Specula tool.

BleepingComputer reports "New Specula Tool Uses Outlook for Remote Code Execution in Windows"

Submitted by grigby1