Windows COM automation serves a number of practical uses, from interacting with network-based services to embedding a Microsoft Excel spreadsheet into your own application. All versions of Windows from XP forward allow you to embed an Internet Explorer COM object into applications, and we’ll take advantage of this ability in this chapter. Using the native IE automation object, we’ll create a man-in-the browser-style attack where we can steal credentials from a website while a user is interacting with it. We’ll make this credential-stealing attack extendable, so that several target websites can be harvested. The last step will use Internet Explorer as a means to exfiltrate data from a target system. We’ll include ...