Alternative Execution: A Macro Saga (part 6)
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in Office documents, […]
Author: Jerry Odegaard
Alternative Execution: A Macro Saga (part 5)
Thanks for returning to the series! Over the last few posts we discussed making use events from the InkPicture, Windows Media Player, and System Monitor controls to obtain macro execution, […]
Alternative Execution: A Macro Saga (part 4)
Thanks for returning to the “Alternative Execution: A Macro Saga” series! ( Here’s part 1, part 2, and part 3) It’s been a busy past few months, and I had […]
Alternative Execution: A Macro Saga (part 3)
In the last few blogs in this series (part 1 & part 2) we worked through scenarios making use of the ActiveX controls InkPicture and WMPlayer to trigger macro execution. […]
Alternative Execution: A Macro Saga (part 2)
In the previous blog in this series, we worked through a scenario making use of the ActiveX control InkPicture to trigger macro execution. Macro execution utilizing the InkPicture object can […]
Alternative Execution: A Macro Saga (part 1)
If you have been on an internal Red Team or worked as a consultant, then you’ve probably experienced delivery or execution failure with your malicious documents (maldocs) at least once. […]
DotNetToJScript – Redux
In my previous several blog posts (here, here, and here) we covered usage of a really interesting tool released about three years ago: the DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). Although it’s been […]
Advanced TTPs – DotNetToJScript – Part 3
In our last blog we walked through modifying the UnmanagedPowerShell project to produce a version of PowerShellRunner that’s compatible with DotNetToJScript. The end goal in that blog was to execute […]
Advanced TTPs – DotNetToJScript – Part 2
Last time we went through an overview of the awesome DotNetToJScript project, and why you should be interested in it for your Red/Purple Team testing. In this blog we’ll cover […]
Advanced TTPs – DotNetToJScript (Part 1)
About three years ago Google Project Zero’s researcher James Forshaw released the excellent DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). If you’re not familiar, it introduced an interesting method to reflectively load a .NET […]