That's just MoTW, I've verified it works. No prompts required. I think someone could realistically click on that. pic.twitter.com/VwYGB5il48
I wonder if they'd even bother to fix this type of bug when you can just send payload.exe over chat and they can download and run it without the prompt in about as many clicks. pic.twitter.com/rUcvCjaAw6
I guess at least this is a little more clear that you're downloading a file and then running it than the UNC path execution version.
Agree about the severity but does pulling a signed bin from a remote SMB share evade the warning message?
We can have this chained as follows: 1. Leaking user's domain and username 2. Somehow trigger a file download action to have a file let's say "win64.exe" in \users\{username}\downloads\win64.exe 3. Using the leaked user name to craft an auto execute link: pic.twitter.com/UX6CNucq8k
I've actually tried it and it worked like a charm (except for the downloading step, which was done manually just for the sake of the PoC).