Slide 1

Slide 1 text

Exploiting Victims with MS Office - Purab Parihar

Slide 2

Slide 2 text

~# whoami
Purab Parihar
• 18 Y/o Security Researcher, Red Team Enthusiast, Casual Gamer
• I am featured in 40 under 40 By Rajasthan Patrika
• I hold CRTP and eJPT as Certifications
• I Blog at purabparihar.github.io
Let’s Connect:
• LinkedIn : linkedin.com/in/purabparihar/
• Twitter : @purab_parihar
• Instagram : @purabparihar

Slide 3

Slide 3 text

Agenda
• Intro To Office Phishing: How Red Teamers perform phishing on a target organisation
• Intro to VBA: How VBA helps Macros to phish victims
• Phishing with Docs: Some Phishing Techniques to trick victims

Slide 4

Slide 4 text

01 Intro to MS Office Phishing
Tricking targets to work in our favour!

Slide 5

Slide 5 text

Intro to MS Office Phishing
• Microsoft Office is commonly used to perform social engineering attacks on employees of the target organisation during a Red Team Engagement.
• From an attacker's perspective, MS Office is used as a medium to deliver malicious binaries/payloads to the victim's system.
• These malicious actions are carried out by tricking the user and abusing Macro functionality.

Slide 6

Slide 6 text

Intro to MS Office Phishing
• As an attacker, you can code a malicious macro which will perform a malicious action on the victim’s PC.
• For example: the attacker’s code can download a binary to the victim’s PC and execute it to gain a reverse shell on the attacker's Command & Control (C2) server and exfiltrate sensitive data from the victim’s PC.

Slide 7

Slide 7 text

02 Intro to VBA
The heart of Office Macros

Slide 8

Slide 8 text

Intro to VBA
• Visual Basic for Applications (VBA) was introduced by Microsoft as its event-driven programming language.
• VBA is the programming language used for coding Macros in the Microsoft Office Suite.
• You can also leverage Win32 APIs with VBA. For example, executing shellcode in memory is not possible with pure VBA, but you can do it with Win32 APIs!
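For defenders, the reach into Win32 APIs described on this slide shows up in macro source as `Declare ... Lib` statements, which can be checked once the VBA text has been extracted from a document. The Python below is an added example, not part of the original deck; the auto-run names are well-known Office entry points, while the escalation rule and both sample macros are assumptions constructed for illustration.

```python
import re

# Entry points Office runs on open; these names are well-known, not from the slides.
AUTO_RUN = {"autoopen", "auto_open", "document_open", "workbook_open"}
# Declare [PtrSafe] Function|Sub <name> Lib "<dll>" is how VBA imports a Win32 API.
DECLARE_RE = re.compile(
    r'^\s*(?:(?:Public|Private)\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)'
    r'\s+(\w+)\s+Lib\s+"([^"]+)"', re.I | re.M)
SUB_RE = re.compile(r'^\s*(?:(?:Public|Private)\s+)?Sub\s+(\w+)\s*\(', re.I | re.M)
# Built-ins that start a process or instantiate a COM object.
EXEC_RE = re.compile(r'\b(Shell|CreateObject)\b\s*[("]', re.I)

def strip_noise(src):
    """Blank string literals, then drop ' comments, so keywords in text are ignored."""
    src = re.sub(r'"[^"\n]*"', '""', src)
    return re.sub(r"'.*$", "", src, flags=re.M)

def triage(vba_source):
    """Return what a reviewer needs to decide whether a macro deserves a closer look."""
    code = strip_noise(vba_source)
    found = {
        "api_imports": sorted({(lib.lower(), name)
                               for name, lib in DECLARE_RE.findall(vba_source)}),
        "auto_run": sorted(s for s in SUB_RE.findall(code) if s.lower() in AUTO_RUN),
        "exec_calls": sorted({m.lower() for m in EXEC_RE.findall(code)}),
    }
    # Runs on open once macros are enabled AND reaches outside pure VBA.
    found["escalate"] = bool(found["auto_run"]) and bool(
        found["api_imports"] or found["exec_calls"])
    return found

# Constructed sample: harmless import and object, shaped like a macro worth reviewing.
SAMPLE = '''
Private Declare PtrSafe Sub Sleep Lib "kernel32" (ByVal ms As Long)
' Shell("only a comment")
Sub AutoOpen()
    MsgBox ("Shell is just text here")
    Set d = CreateObject("Scripting.Dictionary")
End Sub
'''
# The If/Else macro from slide 9: pure VBA, no auto-run entry point.
SLIDE_9 = '''
Sub Test()
    Dim number As Long
    number = 1
    If number < 5 Then MsgBox ("True") Else MsgBox ("False")
End Sub
'''

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE), ("slide 9", SLIDE_9)):
        print(label, triage(src))
```

The check ignores keywords that appear only in comments or string literals, so the `Shell` mentions in the constructed sample do not count as calls.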

Slide 9

Slide 9 text

Intro to VBA – Basics
• Variables : Variables are defined with “Dim”
• Method : A method starts with “Sub [Method Name]” and ends with “End Sub”
• If Else : Conditionals are defined in this format :

    Sub Test()
        ' Declare a variable and assign it a value
        Dim number As Long
        number = 1
        ' Show "True" when the value is below 5, otherwise "False"
        If number < 5 Then
            MsgBox ("True")
        Else
            MsgBox ("False")
        End If
    End Sub

Slide 10

Slide 10 text

Intro to VBA – Basics
• For Loop Syntax :

    Sub Test()
        Dim counter As Long
        ' Loop three times, showing one message box per iteration
        For counter = 1 To 3
            MsgBox ("Alert")
        Next counter
    End Sub

• This will show 3 message boxes with the “Alert” message
• For more, you can refer to Microsoft’s Documentation (https://docs.microsoft.com/en-us/office/vba/api/overview/)

Slide 11

Slide 11 text

Intro to VBA – Example
• Here is an example to understand macros in a better way!

Slide 12

Slide 12 text

03 Phishing with Docs
Game of Tricking

Slide 13

Slide 13 text

Phishing with Docs
• It’s time to dive into phishing!
• We always have to trick our victim into clicking “Enable Content” and “Enable Editing” to execute macros
• If the victim enables both options, our malicious macros will be executed!
• So how do we trick the victim into clicking the buttons? Let’s see this in the next slides

Slide 14

Slide 14 text

Phishing with Docs
• Here are some samples to trick victims
Source: https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr

Slide 15

Slide 15 text

Phishing with Docs
• We’ve seen some examples in our previous slides
• This technique is known as pretexting
• Here the user will see a page like the previous one, but when the user enables macros, he/she will be redirected to another page in the same document
• Let’s see a demo

Slide 16

Slide 16 text

Phishing with Docs

Slide 17

Slide 17 text

Thanks
Do you have any questions?
LinkedIn : linkedin.com/in/purabparihar/
Twitter : @purab_parihar
Instagram : @purabparihar