Office in Wonderland
Offered By: Black Hat via YouTube
Course Description
Overview
Embark on a journey through the vulnerabilities and exploitable features of Microsoft Office in this 51-minute Black Hat conference talk. Explore novel offensive techniques, including newly discovered Word and Excel vulnerabilities, and witness the security implications of the MS Office suite's architectural design. Delve into topics such as credential stealing, VBA alternatives, macros, shell code, Active File Format, Silk, compound files, module streams, and Evil Clippy. Learn about MZ bypass techniques and gain insights into the potential security risks lurking within seemingly innocuous Office features. Presented by Pieter Ceelen and Stan Hegt, this eye-opening session offers a comprehensive look at the hidden dangers within the Microsoft Office ecosystem.
Syllabus
Introduction
Demo
Fields
Credential stealing
Do we need VBA
Macros
Shell Code
Active File Format
Silk
Compound Files
Module Stream
Evil Clippy
MZ
Bypass MZ
Conclusion
Taught by
Black Hat
Related Courses
Introduction to Office 365 Development and APIsMicrosoft via edX Office 365: Managing Identities and Services with Hands-on Labs
Microsoft via edX Compliance in Office 365: eDiscovery
Microsoft via edX Compliance in Office 365: Data Governance
Microsoft via edX Microsoft Exchange Server 2016 - 5: Hybrid Topologies with Office 365
Microsoft via edX