New Strategies in Stealth and Deployment
You're roughly halfway through this weighty tome, so it seems like a good time to take stock, revisit, and improve on previous topics while touching on some new and improved material.
VBA Redux: Alternative Command-Line Attack Vectors
VBA macros were examined in Chapter 1 as a means of delivering payloads, and I want to revisit this technology, as there are other (better) ways of using them. The VBA macro is also a very illustrative way of demonstrating other techniques for talking to command and control and for downloading and executing a second stage using only one command. There are also better ways of delivering the resulting Word document than email. Generally speaking, an MS Word document carrying a macro requires a .docm extension which, regardless of whether you're able to get it past antivirus or malware detection, can still be identified by humans and machines alike as a possible attack vector before it's even downloaded. Email...
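The point about machines identifying a macro-carrying document before it is opened, shown as an added defender-side example (not from the book): a gateway-style check that flags the .docm extension and, going one step beyond the text, also inspects the OOXML container for a vbaProject.bin part and the macro-enabled content type. The function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Content type OOXML uses for the main part of a macro-enabled Word document.
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = ("application/vnd.openxmlformats-officedocument."
                   "wordprocessingml.document.main+xml")


def classify_attachment(filename, data):
    """Return the reasons an attachment looks macro-enabled (empty list = none)."""
    reasons = []
    if filename.lower().endswith(".docm"):
        reasons.append("macro-enabled extension")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The VBA project is stored as a binary part inside the ZIP container.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                reasons.append("vbaProject.bin part present")
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_MAIN_TYPE in types:
                    reasons.append("macro-enabled content type")
    except zipfile.BadZipFile:
        # Not an OOXML container; only the extension check applies.
        pass
    return reasons


def build_sample(with_macro_parts):
    """Build a minimal OOXML-like ZIP in memory (constructed sample, not a real document)."""
    main_type = MACRO_MAIN_TYPE if with_macro_parts else PLAIN_MAIN_TYPE
    override = '<Override PartName="/word/document.xml" ContentType="%s"/>' % main_type
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types>%s</Types>" % override)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro_parts:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, no VBA")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("report.docx", False), ("report.docm", True), ("renamed.docx", True)]
    for name, has_macro_parts in samples:
        print(name, classify_attachment(name, build_sample(has_macro_parts)))
```

Checking the container as well as the name means the verdict does not depend on what the file happens to be called.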