So many attacks start with a simple booby-trapped document that runs malicious code. Crafty attackers can even customize the payload to bypass endpoint controls! Don’t believe us? Check out this epic cross-over event, where Kilian from SecurityFWD meets with Kody from Null Byte/SecurityFWD to explore how an attacker would build a “malicious” document that bypasses endpoint controls, establishes a C&C channel, and more!
Chapters:
0:00 Countdown
0:07 Intro
6:45 What are we doing today?
10:40 Macros and Social Engineering
14:00 Hello World of Macros
16:03 Auto Opening Macro
17:25 Grabbing System Details
20:10 Windows Defender
23:45 Bypassing Windows Defender
27:55 Process Explorer
30:00 Remote Connection
34:45 Send and Receive Data via Post
39:25 What this looks like in Wireshark
43:00 Sending Encrypted Data
50:55 Command and Control
54:15 Popping Calc
56:50 Closing Thoughts