Now that my health is stable again, I will be resuming the development of the #Hephaestus project with a few new additions I would like to share.
For those who missed it, the Hephaestus project was originally presented at #Hushcon in 2017: github.com/glinares/Offic…
Microsoft in the last year has done quite a few great features to enhance Office security and the overall posture of Office-based exploits seems to be lower than a year ago.
However, with this I am pivoting a bit on how #Hephaestus will be used and leveraged in #Redteam events.
#Hephaestus will be a 2nd phase tool that will allow an operator to exploit a system using Microsoft Office components as sort of a puppet. Think of how many tools use PowerShell in order to compromise systems and stay persistent and gather system info.
#Hephaestus will also have a macro obfuscator & VBA payload delivery system, all of the features you saw in my demo and presentations with @digbei will be added.
Another feature will be to assist in developing an easy way for developers to write COM interaction with Office, to allow RATs to instantiate Office & conduct all of their activities through the signed and trusted Office binaries as a proxy.
The GUI will still be point and click development, I wanted to mimic the old school NUKE VCL experience as much as possible - so that redteams can quickly develop a tool with a few button presses and have a product delivered.
And finally for the #Blueteams & #PurpleTeams out there, I haven't forgotten about you:
I will be releasing a zine style doc on all the features & methods inside #Hephaestus to allow you to read in depth how methods such as the anti-analysis, obfuscation, and other methods work.
This will probably be the largest & most detailed document on Office malware / techniques to date (I wrote one many years ago for a few virii zines and this will surpass that easily). It will also be a great tool for RE & Malware analysts to have.
