## Bloated EXE in LNK

This is an example of the following weaponisation idea:

- Produce your `Malware.exe` that runs Apollo/Cobalt Strike/anything
- Then pass it through Mangle (https://github.com/optiv/Mangle) to append 200 MB of `'0'` (0x30)
- Compress it with ZIP
- Then use `repo\Tools\gen-embed-zip-lnk\gen-embed-zip.exe bloated-malware.zip bloated.lnk Malware.exe`
- Double-click the produced `bloated.lnk`

As a consequence, AV/EDR shouldn't transfer such a big file to the cloud for further scanning, nor should it statically scan through it.
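
A defender-side check for the padding described above, as an added example that is not part of the original repository: it measures the PE overlay (the bytes after the last section) in a streaming fashion and reports whether it is a single repeated byte such as `0x30`. The function names, the 50 MiB default threshold and the header-only sample stub are assumptions made for this example.

```python
import struct

CHUNK = 1 << 20  # scan the overlay 1 MiB at a time; never load a bloated file whole

def pe_overlay(path):
    """Return (offset, size, fill) of data appended after the last PE section.
    fill is the byte value if the whole overlay is one repeated byte, else None."""
    with open(path, "rb") as f:
        head = f.read(65536)  # headers and section table sit at the start of the file
        if head[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
        if head[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature missing")
        (n_sections,) = struct.unpack_from("<H", head, pe_off + 6)
        (opt_size,) = struct.unpack_from("<H", head, pe_off + 20)
        table = pe_off + 24 + opt_size  # first section header
        end = table + 40 * n_sections
        for i in range(n_sections):
            # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
            raw_size, raw_ptr = struct.unpack_from("<II", head, table + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
        size = f.seek(0, 2)
        if size <= end:
            return end, 0, None
        f.seek(end)
        first = f.read(1)
        fill = first[0]
        while chunk := f.read(CHUNK):
            if chunk.count(first) != len(chunk):
                fill = None  # mixed content: not plain padding
                break
        return end, size - end, fill

def looks_bloated(path, min_overlay=50 * 1024 * 1024):
    """Flag a PE whose overlay is large and uniform (threshold is an assumed default)."""
    _, size, fill = pe_overlay(path)
    return size >= min_overlay and fill is not None

def write_sample(path, padding):
    """Constructed input: a header-only PE stub (not runnable) plus appended padding."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", 16, 0x1000, 16, 0x200) + b"\0" * 16
    body = (dos + coff + sect).ljust(0x200, b"\0") + b"\0" * 16
    with open(path, "wb") as f:
        f.write(body + padding)
```

Authenticode signatures and installer payloads also live in the overlay, which is why the check requires a uniform fill rather than size alone.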


### Exercise Instructions

Run `build.ps1` to recreate this example.
