RedTeam With Publisher

Windows Initial Vector Series

Microsoft Publisher is another tool of the Office suite which is often ignored when RedTeaming. This is a basic review of the great potential Publisher has for Offensive Security engagements.

Article published on 28 April 2022

by Emeric Nasi

License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.

1. Foreword

Microsoft Publisher is another tool of the Office suite which is often ignored when RedTeaming.
However, it has been successfully used in several malware campaigns (examples here). Indeed,
Publisher does have an important offensive potential as it can both:

Execute VBA code; and
Embed files

Let’s review how those work as well as the pros and cons of using a Publisher document as an initial RedTeam payload.

Note: Examples in this document rely on the use of MacroPack Pro by BallisKit. MP Pro is a commercial tool for RedTeams legal use only. Reading this post, you should be able to reproduce those examples manually even if you don’t have MacroPack Pro.

Contact information:

emeric.nasi[at]sevagas.com
https://twitter.com/EmericNasi
https://blog.sevagas.com/ - https://github.com/sevagas

Please open the PDF below to read the full article.

1. Foreword

Also in this section