Exploiting Victims with MS Office

Talk at Gravithon 2021

Purab Parihar

August 16, 2021

Transcript

  1. ~# whoami
    Purab Parihar
    • 18 y/o Security Researcher, Red Team Enthusiast, Casual Gamer
    • I am featured in 40 under 40 by Rajasthan Patrika
    • I hold CRTP and eJPT as certifications
    • I blog at purabparihar.github.io
    • Let’s connect: LinkedIn: linkedin.com/in/purabparihar/, Twitter: @purab_parihar, Instagram: @purabparihar
  2. Agenda
    • Intro to Office Phishing
    • Intro to VBA
    • Phishing with Docs
    • How red teamers perform phishing on a target organisation
    • How VBA helps macros to phish victims
    • Some phishing techniques to trick victims
  3. Intro to MS Office Phishing
    • Microsoft Office is commonly used in social engineering attacks on employees of the target organisation during a Red Team Engagement.
    • From an attacker's perspective, MS Office is used as a medium to deliver malicious binaries/payloads to the victim’s system.
    • These malicious actions are done by tricking the user and abusing macro functionality.
  4. Intro to MS Office Phishing
    • As an attacker, you can code a malicious macro which will perform a malicious action on the victim’s PC.
    • For example: the attacker’s code can download a binary to the victim’s PC and execute it to gain a reverse shell on his Command & Control (C2) server and exfiltrate sensitive data from the victim’s PC.
  5. Intro to VBA
    • Visual Basic for Applications (VBA) was introduced by Microsoft as its event-driven programming language.
    • VBA is the programming language used for coding macros in the Microsoft Office suite.
    • You can also leverage Win32 APIs with VBA. For example, executing shellcode in memory is not possible with pure VBA, but you can do it with Win32 APIs!
  6. Intro to VBA – Basics
    • Variables: variables are defined with “Dim”
    • Method: a method starts with “Sub [Method Name]” and ends with “End Sub”
    • If Else: conditionals are defined in this format:

        Sub Test()
            ' Declare a variable and assign it a value
            Dim number As Long
            number = 1
            ' Show "True" when the value is below 5, otherwise "False"
            If number < 5 Then
                MsgBox ("True")
            Else
                MsgBox ("False")
            End If
        End Sub
  7. Intro to VBA – Basics
    • For loop syntax:

        Sub Test()
            Dim counter As Long
            ' The loop body runs for counter = 1, 2 and 3
            For counter = 1 To 3
                MsgBox ("Alert")
            Next counter
        End Sub

    • This will show 3 message boxes with the “Alert” message
    • For more, you can refer to Microsoft’s documentation (https://docs.microsoft.com/en-us/office/vba/api/overview/)
  8. Intro to VBA – Example
    • Here is an example to understand macros in a better way!
  9. Phishing with Docs
    • It’s time to dive into phishing!
    • We always have to trick our victim into clicking “Enable Content” and “Enable Editing” to execute macros
    • If the victim enables both options, our malicious macros will be executed!
    • So how to trick the victim into clicking the buttons? Let’s see this in the next slides
  10. Phishing with Docs
    • Here are some samples to trick victims
    Source: https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr
  11. Phishing with Docs
    • We’ve seen some examples in our previous slides
    • Now this technique is known as pretexting
    • Here the user will have a page like the previous one, but when the user enables macros, he/she will be redirected to another page in the same document
    • Let’s see some demo
  12. Thanks
    Do you have any questions?
    LinkedIn: linkedin.com/in/purabparihar/, Twitter: @purab_parihar, Instagram: @purabparihar
    This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. Please keep this slide for attribution.
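
Slides 3 and 9 describe macros that run only once the victim enables content; the same dependency gives defenders a static check before a file reaches a user. The following is an added example, not part of the deck: a Python triage that inspects an Office Open XML container for a VBA project part or a macro-enabled content type. The function names, file names and sample documents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

VBA_CT = "application/vnd.ms-office.vbaProject"
MACRO_MAIN_SUFFIX = ".macroEnabled.main+xml"
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")


def triage_ooxml(data: bytes, filename: str) -> dict:
    """Report whether an OOXML file carries a VBA project (static check only)."""
    result = {"vba_parts": [], "macro_content_type": False, "ext_mismatch": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        result["error"] = "not an OOXML (zip) container"
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # The VBA project is stored as an OLE blob, normally */vbaProject.bin.
        result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
            for el in root:
                ct = el.get("ContentType", "")
                if ct == VBA_CT or ct.endswith(MACRO_MAIN_SUFFIX):
                    result["macro_content_type"] = True
    has_macro = bool(result["vba_parts"]) or result["macro_content_type"]
    # A macro-free extension that still carries VBA deserves a closer look.
    result["ext_mismatch"] = has_macro and filename.lower().endswith(MACRO_FREE_EXTS)
    result["verdict"] = "macro-bearing" if has_macro else "no VBA project found"
    return result


def _build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip that mimics the OOXML part layout."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_ooxml(_build_sample(True), "invoice.docm"))
    print(triage_ooxml(_build_sample(False), "notes.docx"))
```

This check only covers the zip-based formats (.docx/.docm and relatives); legacy binary .doc/.xls files store macros inside an OLE compound file and need a different parser.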