THREAT CON 2019 - Depth of effective macro campaign by Aniruddha Dolas and Prashant Tilekar
Talk Title: Depth of effective macro campaign
Presenters: Aniruddha Dolas and Prashant Tilekar
Spreading malware through MS Office macros is very simple, as it does not depend on the MS Office version. Some of the major threats, like Emotet, Trickbot, Ursnif, Hancitor, etc., have been using VBA macros, and some features of OLE, like DDE, have been used to spread malware. Spear-phishing, APT attacks, and MuddyWater campaigns are a few which spread through the same. We would like to show how malware gets spread using MS Office macros, go into detail about different obfuscation techniques and how they bypass the detections of different AVs, and show some different examples of VBA macro malware and normal VBA macro code. In our findings, we show you how to detect such VBA macros, and also how MS Office macros have evolved to persist in the system using WMI, COM, and the registry and behave in a file-less manner.
Website : http://threatcon.io
Twitter : https://twitter.com/threat_con
Facebook : https://www.facebook.com/threatcon