Discover and read the best of Twitter Threads about #blueteams

Most recent (2)

Today's #VBALostArts Topic: #Sandbox Detection

So a few hours ago I whipped up a super basic Office #malware whose goal was to extract as much info from sandboxes as possible and send it in the clear so you can gather all the configurations of the sandbox.

I named it Thumper
Thumper does 4 things:
- Built In Office/VBA Info Gathering
- Registry Reading (USER & LM)
- RecentFiles Methods
- Shoots results via HTTP (so you can see)

It does this (by design) with the elegance of a herd of drunken water buffaloes dancing to Russian hard bass in a tea shop.
As a reference to the name, it's meant to call the sandworms hiding in the dunes.

And if you want to detect and avoid almost all of the sandboxes, the easiest way is to check the DateTime stamps of the RecentFiles methods of Word.

Like this: [image]
Now that my health is stable again, I will be resuming the development of the #Hephaestus project with a few new additions I would like to share.

For those who missed it the Hephaestus project was originally presented at #Hushcon in 2017: github.com/glinares/Offic…
Microsoft in the last year has added quite a few great features to enhance Office security, and the overall posture of Office-based exploits seems to be lower than a year ago.

However, with this I am pivoting a bit on how #Hephaestus will be used and leveraged in #Redteam events.
#Hephaestus will be a 2nd-phase tool that will allow an operator to exploit a system using Microsoft Office components as sort of a puppet. Think of how many tools use PowerShell in order to compromise systems, stay persistent and gather system info.
