Most people think of document macro-based malware as a
thing of the past. Back around the year 2000, macro-based
malware such as Melissa and ILOVEYOU wreaked havoc on
the Internet. Anti-virus vendors responded accordingly, and
it appeared that the threats were largely mitigated at that
time. However, during the first part of 2014, vendors such
as Cisco (SenderBase) and Sophos have documented a
rise in document macro-based malware. This talk will initially
present Metasploit's Visual Basic payloads and speak to
evasion techniques that can be used for effective A/V bypass with
a memory-based thread creation macro. The talk will then
demonstrate techniques of combining PowerShell scripts with MS Office document macros, and detail the research used
to completely obfuscate all details of the resulting malware-based
macro. An automatic document macro generation
tool will also be demonstrated. Samples of targeted phishing
documents will also be shown.
Copyright 2020, IronGeek