.. /VSCode CLI
Star

Exfiltration
Access
Shell Access

Utilizing Visual Studio Code Remote Tunnels for exposing local development environment over the internet.

Paths:

Resources:

Acknowledgements:

Detections:

Exfiltration

  1. Generating Visual Studio Code Server Tunnels via VSCode built in Tunneling functionality.

    code.exe tunnel --accept-server-license-terms
    Use case
    Generating Visual Studio Code Server Tunnels for exposing local dev environemnt over the internet.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

  2. Generating Visual Studio Code Server Tunnels via VSCode built in Tunneling functionality and installing it as a service.

    code.exe tunnel service install --accept-server-license-terms
    Use case
    Generating Visual Studio Code Server Tunnels for exposing local dev environemnt over the internet.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Access

  1. Insider threat, external threat actor will be accessing the link in the web browser providing access to the `vscode.dev\tunnels\*` proxying the local development environment.

    Accessing generated Visual Studio Code Server Tunnels URL.
    Use case
    Accessing local files on VSCode Cloud for Data Exfiltration.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Shell Access

  1. Insider threat, external threat actor will be able to run commands on local system proxying via Microsoft domains using the built-in VSCode Server Terminal.

    Shell Access via Visual Studio Code Server Tunnels.
    Use case
    Accessing & Deleting files, executing payloads, downloading payloads, running malware/ransomware etc.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux