An in-depth forensic analysis of how a seemingly legitimate Proof-of-Concept (PoC) for CVE-2020-35489 turned out to be a cleverly disguised malware. This blog post details the attack vector, payload deobfuscation, Indicators of Compromise (IoCs), and the steps taken to analyze and neutralize the threat.
Of course you don’t test PoCs on the same system that you use for stuff like mail etc., right?
Right?
Reading the CVE and with just a cursory glance at the deobfuscated code, it doesn’t seem to be using some VM bypass (or THAT would have been another CVE).
Now sure, OP says they didn’t go through the usual precautions, but did they not even care to use a VM for it?
Or is it that they did and that’s why it wasn’t too much of a problem?