Fifty Shades of Malicious Macros presented at SourceDublin 2015

by Gianni Gnesa

Summary: In recent years, malicious documents have been used extensively to break into companies and organizations all around the world. In fact, the ease with which an attacker can get access to your computer by simply convincing you to open a malicious Microsoft Office document has forced antivirus companies and “Software Security Providers” to extend the range of their detection engines.
Current antivirus products easily detect (or should easily detect) simple Visual Basic for Applications (VBA) payloads generated with Metasploit. So, in order to own a fully protected Windows machine, we must obfuscate or encrypt our VBA macro using custom code. This talk will show you some of the techniques and methods used by real malware to bypass AVs and modern APT attack detection solutions.