30Oca
Is it possible to make whitelisted software do custom, malicious things?
Let's say there's a keylogger secretly installed in an employee's computer. The keylogger recorded a bunch of information, but the well-configured firewall blocked the keylogger from sending that information to its server.
Attacking the firewall directly might be too difficult, but what about manipulating the software that the firewall allows (either directly or that software uses an allowed port)?
It can be any allowed software that uses the Internet. Say Outlook for example, can the keylogger somehow make Outlook send custom information to a custom server?
