Join the WWHF Discord Community / discord
00:00:00 - PreShow Banter™ - Everything is Propaganda
00:08:57 - FEATURE PRESENTATION: Offensive Maldocs in 2020
00:12:55 - EXCEL 4.0 Macros (XLM Macros)
00:18:54 - Process Injection
00:23:25 - DEMO
00:27:33 - Anti Virus Evasion
00:30:45 - Epic Manchego
00:34:24 - Hot Manchego
00:35:00 - DEMO
00:36:34 - PPT Hover-Over
00:38:50 - DEMO
00:43:41 - Remote DOCX Template Injection
00:49:58 - DEMO
00:52:48 - Inline Shapes
01:00:36 - DEMO
01:02:50 - The TL;DW (Too Long; Didn't Watch)
Notable Links:
github.com/FortyNorthSecurity...
github.com/FortyNorthSecurity...
github.com/pretext-project/pr...
www.blackhillsinfosec.com/dep...
/ fortynorthsec
Are we really using macros in 2020? Heck yeah! In this webinar we go over various new techniques for creating a malicious document for use in a social engineering attack. Everyone can generate a macro and throw it in using Auto_Open, but we’ll look at a few stealthier and lesser-known methods which will hopefully bypass detection techniques.
Topics include generating XLM (Excel 4.0) macros for use in Microsoft Excel document delivery, using Remote Template Injection to deliver an initial benign document that pulls down a malicious template on the fly, and utilizing a new method of abusing MsoShapes in Office documents to control the execution of macros and pull malicious code down remotely. Also covered are a tool written by Joe Leon which automates the process of creating Excel 4.0 macros, and customizations you can make to increase your chance of successful delivery.
- Matthew Grandy is a senior offensive security engineer with extensive experience leading penetration testing and red team engagements across various industries. He is an Offensive Security Certified Expert (OSCE) as well as an Offensive Security Certified Professional (OSCP) and contributes regularly to the open source community, as he believes very strongly in elevating the security industry as a whole.
- Joe Leon is an Offensive Security Engineer with FortyNorth Security and holds the OSCP certification. Prior to joining FortyNorth, Joe founded and sold two companies, including a SaaS startup where he led full stack development as CTO. In a previous career, Joe spent 6 years training and consulting sales teams on how to generate new sales leads. That experience has uniquely informed his ability to conduct highly effective social engineering campaigns - both via email and phone.