PayloadsAllTHINGS/Methodology and Resources/Office - Attacks.md

Office - Attacks

⚠️ Content of this page has been moved to InternalAllTheThings/redteam/access/office-attacks

• Office Products Features
• Office Default Passwords
• Office Macro execute WinAPI
• Excel
  • XLSM - Hot Manchego
  • XLS - Macrome
  • XLM Excel 4.0 - SharpShooter
  • XLM Excel 4.0 - EXCELntDonut
  • XLM Excel 4.0 - EXEC
  • SLK - EXEC
• Word
  • DOCM - Metasploit
  • DOCM - Download and Execute
  • DOCM - Macro Creator
  • DOCM - C# converted to Office VBA macro
  • DOCM - VBA Wscript
  • DOCM - VBA Shell Execute Comment
  • DOCM - VBA Spawning via svchost.exe using Scheduled Task
  • DCOM - WMI COM functions (VBA AMSI)
  • DOCM - winmgmts
  • DOCM - Macro Pack - Macro and DDE
  • DOCM - BadAssMacros
  • DOCM - CACTUSTORCH VBA Module
  • DOCM - MMG with Custom DL + Exec
  • VBA Obfuscation
  • VBA Purging
    • OfficePurge
    • EvilClippy
  • VBA AMSI
  • VBA - Offensive Security Template
  • DOCX - Template Injection
  • DOCX - DDE
• References