Office in Wonderland presented at BlackHatAsia2019 2019

by Pieter Hegt,

Summary : In this talk we will explore a wide range of novel techniques that abuse Microsoft Office features for offensive purposes. We will disclose details on new Word and Excel vulnerabilities, release attack vectors that Microsoft deemed features and demonstrate the security impact of the architectural design of the MS Office suite. A journey down the rabbit hole with offensive surprises ahead.In previous research, we have already demonstrated that abusing legacy functionality (such as a macro language that pre-dates VBA) bypasses many existing security controls. In this talk we will go even further and share our most recent findings and insights into unexplored legacy functionality in the MS Office suite that can be abused in all stages of an attack. Amongst others, we will demonstrate how to abuse Word documents for stealing sensitive information from systems, how to create phishing documents for credential harvesting without a macro payload, how to bypass the most recent security features in MS Office (AMSI for VBA, ASR) and much more.