Friday, November 14, 2008

Link: Writing malicious maros using metasploit

Good blog post over at securiteam on using the exe2vba portion of metasploit to embed malicious code into office documents. Fun!

of course those attacks can be mitigated with proper group policy but most places "need their macros!" so enjoy the pwnings.


denial said...

HDM published this new Metasploit "feature" few days ago on Pen-Test mailing list:


natron said...

Using VBA in Word/Excel to run commands:

To download files:

Running commands as system:

Killing of antivirus:

Modifying the windows firewall:

CG said...

thanks for the links