Since 2014, malicious macros have been making a comeback. Their success in recent campaigns demonstrates that they are still an effective way to deliver malware, sixteen years after Melissa.
This is a presentation that I gave at the SSTIC symposium in June 2015, translated to English. It explains what malicious macros can do, how their code can be obfuscated, and some of the anti-analysis tricks observed in recent cases. Then it shows several tools that can be used to analyze macros, including oledump and olevba.
Attachment | Size |
---|---|
SSTIC15_Lagadec_Macros_slides_v2_EN.pdf | 462.41 KB |
SSTIC15_Lagadec_Macros_slides_v1_FR.pdf | 452.19 KB |