You are here : Home » Security tools » MacroPack » RedTeam With Publisher

RedTeam With Publisher

Windows Initial Vector Series

D 28 April 2022     H 18:22     A Emeric Nasi     C 0 messages


License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
Creative Commons License

1. Foreword

Microsoft Publisher is another tool of the Office suite which is often ignored when RedTeaming.
However, it has been successfully used in several malware campaigns (examples here). Indeed,
Publisher does have an important offensive potential as it can both:

  • Execute VBA code; and
  • Embed files

Let’s review how those work as well as the pros and cons of using a Publisher document as an initial RedTeam payload.

Note: Examples in this document rely on the use of MacroPack Pro by BallisKit. MP Pro is a commercial tool for RedTeams legal use only. Reading this post, you should be able to reproduce those examples manually even if you don’t have MacroPack Pro.

Contact information:

Please open the PDF below to read the full article.

PDF - 623.4 kb

Also in this section

9 August 2022 – RedTeam With OneNote

21 January 2021 – Launch shellcodes and bypass Antivirus using MacroPack Pro VBA payloads

18 September 2020 – Advanced MacroPack payloads: XLM Injection

18 September 2020 – EXCEL 4.0 XLM macro in MacroPack Pro

Any message or comments?
pre-moderation

This forum is moderated before publication: your contribution will only appear after being validated by an administrator.

Who are you?
Your post

Search

Also in this section

1.  RedTeam With OneNote

2.  RedTeam With Publisher

3.  Launch shellcodes and bypass Antivirus using MacroPack Pro VBA payloads

4.  Advanced MacroPack payloads: XLM Injection

5.  EXCEL 4.0 XLM macro in MacroPack Pro

Most popular

1.  Digging passwords in Linux swap

2.  Launch shellcodes and bypass Antivirus using MacroPack Pro VBA payloads

3.  Bypass Defender and other thoughts on Unicode RTLO attacks

4.  Hacking around HTA files

5.  Yet another sdclt UAC bypass

5 random articles

1.  Rogue WiFi Access point

2.  Advanced USB key phishing

3.  Iptables firewall versus nmap and hping3

4.  Digging passwords in Linux swap

5.  Code segment encryption

Sponsor

If you appreciate my work, you may help or reward with a contribution :)

Most recent articles

1 | 2 | 3 | 4 | 5

Recent comments

1 | 2 | 3 | 4 | 5

Latest news

2010-2023 Sevagas
Archives | | Contact

RSS 2.0 twitter linkedin facebook