Exploiting Victims with MS Office

Transcript

1. Exploiting Victims with MS Office - Purab Parihar

2. Purab Parihar 18 Y/o Security Researcher, Red Team Enthusiast, Casual

   Gamer I am featured in 40 under 40 By Rajasthan Patrika I hold CRTP and eJPT as Certifications I Blog at purabparihar.github.io Let’s Connect: LinkedIn : linkedin.com/in/purabparihar/ Twitter : @purab_parihar Instagram : @purabparihar ~# whoami

3. Agenda Intro To Office Phishing Intro to VBA Phishing with

   Docs How Red Teamer’s perform phishing on target organisation How VBA helps Macro’s to phish victims Some Phishing Techniques to trick victims

4. Intro to MS Office Phishing 01 Tricking Target’s to work

   in our Favour!

5. Intro to MS Office Phishing • Microsoft Office is commonly

   used while performing social engineering attacks on employees of target organisation during Red Team Enangement. • From an attacker perspective, MS Office is used as medium to deliver our malicious binaries/payloads to victims system. • These malicious actions are done by tricking user and abusing Macro functionality .

6. Intro to MS Office Phishing • As an Attacker, You

   can code a malicious macro which will perform a malicious action on victim’s pc. • For Example : Attacker’s code can download a binary to Victim’s PC and execute to gain a reverse shell on his Command & Control (C2) Server and exfiltrate the sensitive data from Victim’s PC.

7. Intro to VBA 02 The heart of Office Macros

8. Intro to VBA • Visual Basic for Applications (VBA) is

   introduced by MicroSoft as it’s event-driven programming langauge. • The VBA is used as programming language for coding Macro’s in MicroSoft Office Suite. • You can leverage Win32 APIs with VBA also. For Example – Executing Shellcode in Memory is not possible with Pure VBA but you can do it with Win32 APIs !!

9. Intro to VBA – Basics • Variables : Variables are

   defined with “Dim” • Method : A method starts with “Sub [Method Name]” and Ends with “Sub End” • If Else : Conditionals are defined in this format : Sub Test() Dim number as Long number=1 If Number < 5 Then MsgBox("True") Else MsgBox ("False") End If End Sub

10. Intro to VBA – Basics • For Loop Syntax :

    Sub Test() For counter = 1 To 3 MsgBox("Alert") Next counter End Sub • This will show 3 message boxes with “Alert” message • For more, you can refer Microsoft’s Documentation (https://docs.microsoft.com/en-us/office/vba/api/overview/)

11. Intro to VBA – Example • Here is a example

    to understand macro’s in better way!

12. Phishing with Docs 03 Game of Tricking

13. Phishing with Docs • It’s time to dive into phishing!

    • We always have to trick our victim to click on “Enable Content” and “Enable Editing” to execute macro’s • If victim enables both the options, our malicious macros will be executed! • So how to trick the victim to click on the buttons? Let’s see this in next slides

14. Phishing with Docs • Here are some samples to trick

    victims Source: https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net- malware-javaupdtr

15. Phishing with Docs • We’ve seen some examples in our

    previous slides • Now this technique is known as PreTexting • Here the user will have a page like the previous one but when a user enables macro, He/She we’ll be redirected to another page in same document • Let’s see some demo

16. Phishing with Docs

17. This presentation template was created by Slidesgo, including icons by

    Flaticon, and infographics & images by Freepik Thanks Do you have any questions? LinkedIn : linkedin.com/in/purabparihar/ Twitter : @purab_parihar Instagram : @purabparihar Please keep this slide for attribution.