YoVDO

Office in Wonderland

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Microsoft Office 365 Courses

Course Description

Overview

Embark on a journey through the vulnerabilities and exploitable features of Microsoft Office in this 51-minute Black Hat conference talk. Explore novel offensive techniques, including newly discovered Word and Excel vulnerabilities, and witness the security implications of the MS Office suite's architectural design. Delve into topics such as credential stealing, VBA alternatives, macros, shell code, Active File Format, Silk, compound files, module streams, and Evil Clippy. Learn about MZ bypass techniques and gain insights into the potential security risks lurking within seemingly innocuous Office features. Presented by Pieter Ceelen and Stan Hegt, this eye-opening session offers a comprehensive look at the hidden dangers within the Microsoft Office ecosystem.

Syllabus

Introduction
Demo
Fields
Credential stealing
Do we need VBA
Macros
Shell Code
Active File Format
Silk
Compound Files
Module Stream
Evil Clippy
MZ
Bypass MZ
Conclusion


Taught by

Black Hat

Related Courses

Introduction to Office 365 Development and APIs
Microsoft via edX
Office 365: Managing Identities and Services with Hands-on Labs
Microsoft via edX
Compliance in Office 365: eDiscovery
Microsoft via edX
Compliance in Office 365: Data Governance
Microsoft via edX
Microsoft Exchange Server 2016 - 5: Hybrid Topologies with Office 365
Microsoft via edX