Watch Hackers Craft Malicious Office Macros (ft. Kilian from SecurityFWD)

So many attacks start with a simple booby-trapped document that runs malicious code. Crafty attackers can even customize the payload to bypass endpoint controls! Don’t believe us? Check out this epic cross-over event, where Kilian from SecurityFWD meets with Kody from Null Byte/SecurityFWD to explore how an attacker would build a “malicious” document that bypasses endpoint controls, establishes a C&C channel, and more!

Subscribe to Null Byte: https://goo.gl/J6wEnH
Kody's Twitter:   / kodykinzie  

SecurityFWD:    / securityfwd  
Varonis:    / varonissystems  


Chapters:
0:00 Countdown
0:35 Intro
7:10 What are we doing today?
11:05 Macros and Social Engineering
14:25 Hello World of Macros
16:28 Auto Opening Macro
17:50 Grabbing System Details
20:35 Windows Defender
24:10 Bypassing Windows Defender
28:20 Process Explorer
30:25 Remote Connection
35:10 Send and Receive Data via Post
39:50 What this looks like in Wireshark
43:25 Sending Encrypted Data
51:20 Command and Control
54:40 Popping Calc
56:50 Closing Thoughts


Follow Null Byte on:
Twitter:   / nullbyte  
Flipboard: https://flip.it/3.Gf_0
Website: https://null-byte.com
Vimeo: https://vimeo.com/channels/nullbyte