At BlackHat Asia we released Evil Clippy, a tool that assists red teamers and security testers in creating malicious MS Office documents. Among other things, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows. In this blog post we will explore […]
Author Archives: Stan Hegt
This month (October 2018) our team members presented at two hacker conferences: "The MS Office magic show" at DerbyCon and "Mirror on the wall: using blue team techniques in red team ops" at BruCON. Below, you can find the video recordings of these presentations.
In this post, I will dive into Excel 4.0 macros (also called XLM macros – not XML) for offensive purposes. If you grew up in the Windows 95 age or later, just as I did, you might have never heard of this technology that was introduced as early as 1992. Virtually all malicious macro documents […]