Shifty Fifty | Extensions that Deserve a Second Look
Here are 50 extensions that deserve a second look. Users and organizations should be aware of the methods used to infect their computers without their noticing, and of how to protect themselves against malicious practices and events. The extensions listed here are the most common ones used within the hacker/red team world. Many file types, including scripts, binaries, and shortcuts, can easily be obfuscated to bypass antivirus software and remain undetected. Many of these are routinely seen in real-life breaches investigated by BreachQuest. They are used at varying stages of the cyber attack lifecycle:
For organizations, proactively managing the plethora of files that come in and out of, and reside within, their network is challenging. Many extensions have obvious uses; .exe, for example, is an executable file. Others are less self-explanatory, especially scripting files such as .bat, .py, and .vbs, which can cover multiple areas of the attack lifecycle. To make things more complicated, the file extension only indicates what a file may do. Any file with a ‘PE’ (Portable Executable) header is an executable file, and it may not have an extension in this list.
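The point about PE headers can be checked by reading the file's first bytes instead of trusting its name. The following is an added example, not BreachQuest code: it flags content that carries a PE header under an extension where one is not expected. The extension set, the sample file names and the function names are assumptions made for illustration.

```python
import os
import struct

# Assumption: extensions where PE content is expected (illustrative, not the page's list).
EXPECTED_PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}


def is_pe(data: bytes) -> bool:
    """True if data has an MZ stub whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # A truncated or malformed file can point e_lfanew past the end of the data.
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the header says."""
    if not is_pe(data):
        return "not-pe"
    ext = os.path.splitext(name)[1].lower()
    if ext in EXPECTED_PE_EXTENSIONS:
        return "pe-expected-extension"
    return "pe-unexpected-extension"  # worth a second look


def build_sample_pe() -> bytes:
    """Constructed test input: minimal MZ stub + PE signature + zeroed COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


# Constructed samples (names and contents are made up for this example).
SAMPLES = {
    "setup.exe": build_sample_pe(),
    "invoice.pdf": build_sample_pe(),
    "update": build_sample_pe(),
    "notes.txt": b"plain text, no header",
    "truncated.bin": b"MZ" + bytes(0x3A) + struct.pack("<I", 0xFFFFFFF0),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} {classify(name, data)}")
```

The check only establishes that a file is a PE image; script types such as .bat, .py, and .vbs have no such header and need separate handling.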
Teams must be vigilant when receiving files from unknown or untrusted sources. You need to be meticulous when inspecting file type names and logos of attachments. Proper education and training are the best defense against social engineering. 93% of successful data breaches result from a social engineering attack. When in doubt, open the file in a sandbox or reach out to a BreachQuest expert. If you have concerns about any unknown files within your environment, we are here to help. In case of an emergency, contact IR@breachquest.com.