Bypassing Endpoint Controls Using Office Macros - Techniques and Defenses

Explore the intricacies of bypassing endpoint controls using Office macros in this 48-minute video featuring Kilian from Varonis. Dive into the creation of a "malicious" document that evades security measures, establishes command and control channels, and executes remote code. Learn about Excel macro documents, attack surface reduction techniques, and sneaky data exfiltration methods. Discover how base64 encoding is utilized in macros and understand what to monitor for in your security efforts. Gain valuable insights into the world of cybersecurity and endpoint protection through this collaborative presentation by SecurityFWD and Varonis.

Countdown
Intro
What we're doing today
Excel Macro Document
Exploring the Macro
Attack Surface Reduction
Bypassing Defenses
Using Command and Control
Sneaky Data Exfiltration
Base64 Encoding in the Macro
What to Monitor For
Remote Code Execution
Kody Shout-out
Closing Thoughts
Endscreen