Evil Clippy: MS Office maldoc assistant
At BlackHat Asia we released Evil Clippy, a tool that assists red teamers and security testers in creating malicious MS Office documents. Among other things, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows.
In this blog post we will explore the features of Evil Clippy and the technology behind it. The latest source code of the tool can be found here:
Latest binary releases are available at:
At the time of writing, this tool is capable of getting malicious macros past all major antivirus products and most maldoc analysis tools. It achieves this by manipulating MS Office files at the file format level.