Evil Clippy: MS Office maldoc assistant

At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows.

In this blog post we will explore the features of Evil Clippy and the technology behind it. The latest source code of the tool can be found here:


Latest binary releases are available at:


Read full post

Introducing RedELK – Part 1: why we need it

This multi-part blog post is about a tool we released: RedELK. In a few words you can describe it as a “Red Team’s SIEM”, although it actually does a few more things to ease the life of red teams. We released it right after our talk at BruCON 2018, and you may have already seen it at our GitHub. But until now we haven’t had the time to articulate our reasoning and give it a proper introduction.

This first part covers our reasoning. A the second part (soon to be released) we’ll dive into the technical details, explain basic usage and show you how you can benefit from using it as a red teamer.

Read full post