This course explores novel techniques that exploit Microsoft Office features for offensive purposes. The learning outcomes include understanding new Word and Excel vulnerabilities, releasing attack vectors, and demonstrating the security impact of the MS Office suite's architectural design. The course teaches skills such as credential stealing, VBAMacros, Shell Code, and Active File Format manipulation. The teaching method involves demos and practical examples. This course is intended for cybersecurity professionals interested in offensive security techniques related to Microsoft Office.
Overview
Syllabus
Introduction
Demo
Fields
Credential stealing
Do we need VBA
Macros
Shell Code
Active File Format
Silk
Compound Files
Module Stream
Evil Clippy
MZ
Bypass MZ
Conclusion
Taught by
Black Hat