THREAT CON 2019 - Depth of effective macro campaign by Aniruddha Dolas and Prashant Tilekar
Talk Title: Depth of effective macro campaign
Presenters: Aniruddha Dolas and Prashant Tilekar
Spreading malware through MS Office macros is very simple, as it does not depend on MS Office version. Some of the major threats like Emotet, Trickbot, Ursnif, Hancitor, etc. have been using VBA macros, some of the futures of OLE has been used to spread malware like DDE. Spear-phishing, APT attacks, Muddy water campaigns are the few which spread through the same. We would like to deliver how malware gets spread using MS Office macros and in-details about different techniques of obfuscation and how it bypasses the detections of different AVs, as well as showing some different examples of VBA macro malware and normal VBA macro code. In our findings, we show you how to detect such VBA macros. Also, how the MS Office macros get evolved and stay persists in the system using WMI, COM, and Registries and behaves like a file-less.
Website : http://threatcon.io
Twitter : https://twitter.com/threat_con
Facebook : https://www.facebook.com/threatcon
Видео THREAT CON 2019 - Depth of effective macro campaign by Aniruddha Dolas and Prashant Tilekar канала THREAT CON
Presenters: Aniruddha Dolas and Prashant Tilekar
Spreading malware through MS Office macros is very simple, as it does not depend on MS Office version. Some of the major threats like Emotet, Trickbot, Ursnif, Hancitor, etc. have been using VBA macros, some of the futures of OLE has been used to spread malware like DDE. Spear-phishing, APT attacks, Muddy water campaigns are the few which spread through the same. We would like to deliver how malware gets spread using MS Office macros and in-details about different techniques of obfuscation and how it bypasses the detections of different AVs, as well as showing some different examples of VBA macro malware and normal VBA macro code. In our findings, we show you how to detect such VBA macros. Also, how the MS Office macros get evolved and stay persists in the system using WMI, COM, and Registries and behaves like a file-less.
Website : http://threatcon.io
Twitter : https://twitter.com/threat_con
Facebook : https://www.facebook.com/threatcon
Видео THREAT CON 2019 - Depth of effective macro campaign by Aniruddha Dolas and Prashant Tilekar канала THREAT CON
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
THREAT CON 2019 - Hacking Human Lives via Body Area Network by Vignesh C
THREAT CON 2022- Attacking Access Control Models in Modern Web Applications By Imran Parray
THREAT CON 2019 - Securing the SDLC in the real world by Jim Manico
Threat CON 2018 - Exploiting Cloud Synchronisation to Mass Hack IoTs
THREAT CON 2022- Automation for Manual Bug Bounty Hunters By Eugene Lim (spaceraccoonsec)
THREAT CON 2019 - Nepal’s level of preparedness to deal with cyberwarfare attacks by Yogesh Ojha
THREAT CON 2022- XSS Curioxssity by Ahmad Ashraff
Threat CON 2018 - Building and Developing Communities (keynote) by Matt Suiche
Day 2 - THREAT CON 2021 | Virtual Edition
THREAT CON 2022 - Gajabaar, An InfoSecurity Mentorship – Design To Deployment by Prasant Adhikari
Threat CON 2018 - License managers: The Phantom Menace
THREAT CON 2019 - Bypassing iOS Security by Georgia Weidman
THREAT CON 2019 - XSS is dead?(Keynote) by Mario Heiderich
Threat CON 2018 - How To Effectively Manage Your Org's Cloud Security Posture
THREAT CON 2022 - Attacking Java For Fun and Profit By Vladimir Dashchenko
Threat CON 2018 - The OWASP Top Ten Proactive Controls 2018 by Jim Manico
Day 1 - THREAT CON 2021 | Virtual Edition
THREAT CON 2022 - Frida Unleashed By Bharath Kumar & Akshay Jain (Bounty Track)
THREAT CON 2022 - Operation Earth Berberoka by Jaromir Horejsi