July TASK: How to roll your own document tracker using macros and tracking pixels / Threat Intelligence, Debunking Advanced Persistent Threats, and Dealing with Attribution Challenges

Wednesday 26-July-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: Rotunda (Main floor past the elevators)


July TASK

This month we have Roy Firestein hosting a session on how you can track users in phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Roy Firestein, Research & Development Lead at eSentire Inc.
How to roll your own document tracker using macros and tracking pixels

Microsoft Office documents are ubiquitous in the corporate environment, and are an excellent vector for information gathering and exploitation. While most attacks require a sophisticated vulnerability to run your payload, there are still other “non-malicious” techniques to achieve your goal. In this talk we will delve into how, at eSentire, we generate and track users in our phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions. Some of the cool things we will explore include how to trick users into opening your .docm file and executing a PowerShell script that interrogates ActiveDirectory or starts a port scan. Sample code and tools will be released as part of the talk so you can experiment later with these techniques.


Viktors Engelbrehts, Director of Threat Intelligence at eSentire
Threat Intelligence, Debunking Advanced Persistent Threats, and Dealing with Attribution Challenges

The buzzwords of “Threat Intelligence” and “Advanced Persistent Threats” continue to be used throughout the information security (“cyber”) industry. Viktors will describe how actionable threat intelligence actually fits into the defence cycle, and where you should be skeptical (including reliable vs. unreliable attribution methods).

Meeting Location: 55 john Street, Toronto. Room: Rotunda (Main floor past the elevators)

Posted in Events.