Discover and read the best of Twitter Threads about #hushcon

Most recents (2)

Gather round #infosec fam

Warning: This is a long Thread with lots of #VBALostArts & new goodies for #c2c #opsec & #payloads in Office Malware #VBA

Spoilers: This thread is gonna make some Blue Teams & sandboxes mad

Red Teams: There is plenty of fun up ahead.

Enjoy.

Currently Office Malware is 3 steps generally:

1. Encrypt/Obfuscate Your #Macro Dropper
2. Get Your Powershell/Java/JS/DLL flavor of the week onto the victim ASAP
3. Bug out

I want to change all of this; however, before we do that we need to upgrade Office Malware.

For now let's focus on the first step and why obfuscating/encrypting your macros is not ideal.

1. Your code will eventually get deobfuscated
2. Your code is not unique - same sample <-> many targets
3. Most obfuscation methods = Noise/Signatures
4. Your code becomes evidence
Read 18 tweets
Now that my health is stable again, I will be resuming the development of the #Hephaestus project with a few new additions I would like to share.

For those who missed it, the Hephaestus project was originally presented at #Hushcon in 2017: github.com/glinares/Offic…

Microsoft in the last year has done quite a few great features to enhance Office security, and the overall posture of Office-based exploits seems to be lower than a year ago.

However, with this I am pivoting a bit on how #Hephaestus will be used and leveraged in #Redteam events.

#Hephaestus will be a 2nd phase tool that will allow an operator to exploit a system using Microsoft Office components as sort of a puppet. Think of how many tools use PowerShell in order to compromise systems and stay persistent and gather system info.
Read 8 tweets
