Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros

Explore a 35-minute Black Hat conference presentation on Symbexcel, a new tool implementing Symbolic Execution for Excel 4.0 macros. Dive into the world of cybersecurity as experts Giovanni Vigna, Nicola Ruaro, Fabio Pagani, and Stefano Ortolani discuss how this innovative approach combats malicious macros. Learn about the challenges in detecting these attack vectors, the limitations of current security measures, and how Symbexcel's plugins support the analysis of highly obfuscated and evasive samples. Gain insights into Excel 4 macro functionality, evasion techniques, and the principles of Symbolic Execution. Discover the tool's architecture, including its loader, simulation manager, and step function. Understand the importance of deobfuscating malicious samples and evaluate the effectiveness of this cutting-edge cybersecurity solution.

Introduction
Excel 4 Macros
How they work
Mouse and Audio
Evasion
Char Function
Register Function
Symbolic Execution Example
Introduction to Symbolic Execution
Concrete Analysis
Concrete Analysis Problem
Architecture
Loader
Simulation Manager
Environment and constraints
Step function
Examples
Malicious Excel sample analysis
Why deobfuscate a sample
Evaluation
Conclusion