A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Macro Malware Lives! - Putting the sexy back into MS-Office document macros - Joff Thyer Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Macro Malware Lives! - Putting the sexy back into MS-Office document macros
Joff Thyer
Derbycon 2014

Most people think of document macro based malware as a thing of the past. Back around the year 2000, macro based malware such as Melissa and ILOVEYOU wreaked havoc on the Internet. Anti-virus vendors responded accordingly and it appeared that the threats were large mitigated at that time. However during the first part of 2014- vendors such as Cisco (senderbase), and Sophos have documented a rise in document macro-based malware. This talk will initial present metasploit's visual basic payloads, and speak to evasion techniques that be used for effective A/V bypass with a memory based thread creation macro. The talk will then demonstrate techniques of combining powershell scripts with MS-Office document macros- and detail the research used to completely obfuscate all details of the resulting malware based macro. An automatic document macro generation tool will also be demonstrated. Samples of targeted phishing documents will also be shown.

Back to Derbycon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast