Author Archives: Pieter Ceelen

Sylk + XLM = Code execution on Office 2011 for Mac

At our Derbycon talk, the MS Office Magic Show, Stan and I presented various novel techniques for abusing Excel and Word in red teaming operations. One of the tricks we introduced involved the Sylk file format and Excel 4.0 / XLM macros. Full, detailed blog posts on Sylk and the other subjects discussed will follow later. For now it […]

Hunting for evil: detect macros being executed

In many of our red teaming and incident response engagements, we encounter the abuse of MS Office macros as a vector to drop a remote access trojan and thereby gain an initial foothold. From many discussions with our clients, we have learned that macros are hard to secure and often a necessity for business operations. In […]