Advanced VBA Macros Attack & Defence - Black Hat Europe 2019

Presentation at Black Hat Europe 2019, about malicious VBA Macros and recent advances in the attack and defense sides.


In 2019, VBA macros are still heavily used to deliver malware, and new obfuscation techniques such as VBA Stomping implemented in EvilClippy allow attackers to deliver malicious payloads to end users without being detected. Luckily, analysis and detection tools are also progressing to address all the advanced attack techniques. This presentation will demonstrate some of the advanced attack techniques, and show how analysis and detection tools such as olevba have been recently improved to address the new challenges.

eu-19-Lagadec-Advanced-VBA-Macros-Attack-And-Defence.pdf2.3 MB