RedTeam With Publisher
Windows Initial Vector Series
28 April 2022 18:22
License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
1. Foreword
Microsoft Publisher is another tool in the Office suite that is often ignored when RedTeaming.
However, it has been successfully used in several malware campaigns (examples here). Indeed,
Publisher has significant offensive potential, as it can both:
- Execute VBA code; and
- Embed files
Let’s review how those work as well as the pros and cons of using a Publisher document as an initial RedTeam payload.
Contact information:
- emeric.nasi[at]sevagas.com
- https://twitter.com/EmericNasi
- https://blog.sevagas.com/
- https://github.com/sevagas
Please open the PDF below to read the full article.