Overview
Explore advanced VBA macro attack and defense techniques in this 51-minute Black Hat conference talk. Delve into the persistent use of VBA macros for malware delivery and learn about new obfuscation methods like VBA Stomping. Discover how analysis and detection tools have evolved to counter these sophisticated attack strategies. Examine the history of macros, typical macro viewers, and the potential consequences of macro-based campaigns. Gain insights into VBA encryption, analysis tools, and the inner workings of macro integration. Understand the challenges posed by VBA stomping and its impact on Excel macros. Learn about detection and prevention methods, including MacroRaptor, Macro Block, Microsoft GPO, and Application Guard. Conclude with a look at safe features and future developments in the field of macro security.
Syllabus
Introduction
Disclaimer
Agenda
History of Macros
Macro Based Campaigns
Typical Macro Viewer
What can happen
Macros in 2019
Macro Example
VBA Encryption
Analysis Tools
VBA
Demo
Integrations
Macros
How it works
VBA stomping
The problem
The demo
The new technique
Excel for macros
Quick demo
How does it work
Detection and Prevention
Detecting Macros
MacroRaptor
Macro Block
Microsoft GPO
Application Guard
Safe Features
Future Work
Taught by
Black Hat