Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, September 15 • 14:00 - 14:59
William Knowles - Persisting with Microsoft Office: Abusing Extensibility Options

Sign up or log in to save this to your schedule and see who's attending!

One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk will discuss the ways that native functionality within Office can be abused to obtain persistence.

A wide range of techniques for abusing various add-in mechanisms will be covered. Each persistence mechanism will be discussed in terms of its relative advantages and disadvantages for red teamers. In particular, with regards to their complexity to deploy, privilege requirements, and applicability to Virtual Desktop Infrastructure (VDI) environments which hinder the use of many traditional persistence mechanisms.

The talk will finish with approaches to detection and prevention of these persistence mechanisms.

Speakers

Friday September 15, 2017 14:00 - 14:59
*Track 2*

Attendees (23)