Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

LOLDocs - Sideloading in Signed Office Files

BruCON Security Conference via YouTube

Overview

Explore an innovative approach to phishing through "code side-loading in signed documents" in this 43-minute conference talk from BruCON Security Conference. Delve into the process of identifying vulnerabilities in Microsoft signed Office add-ins, with a focus on the Microsoft Analysis ToolPak Excel add-ins (.XLAM file type). Learn how attackers can exploit these vulnerabilities to embed malicious code without invalidating signatures, creating potential phishing scenarios. Discover the complexities involved in finding, exploiting, and weaponizing this class of vulnerabilities, as well as the challenges in implementing effective mitigations. Gain insights into the ongoing battle between increased security measures and evolving phishing techniques in the realm of Office documents.

Syllabus

07 - BruCON 0x0E - LOLDocs: Sideloading in Signed Office files - Pieter Ceelen & Dima van de Wouw

Taught by

BruCON Security Conference

Reviews

Start your review of LOLDocs - Sideloading in Signed Office Files

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.