Wednesday 26-July-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: Rotunda (Main floor past the elevators)
This month we have Roy Firestein hosting a session on how you can track users in phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions.
As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.
Any questions email firstname.lastname@example.org. We look forward to seeing you there!
Roy Firestein, Research & Development Lead at eSentire Inc.
How to roll your own document tracker using macros and tracking pixels
Microsoft Office documents are ubiquitous in the corporate environment, and are an excellent vector for information gathering and exploitation. While most attacks require a sophisticated vulnerability to run your payload, there are still other “non-malicious” techniques to achieve your goal. In this talk we will delve into how, at eSentire, we generate and track users in our phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions. Some of the cool things we will explore include how to trick users into opening your .docm file and executing a PowerShell script that interrogates ActiveDirectory or starts a port scan. Sample code and tools will be released as part of the talk so you can experiment later with these techniques.
Additional topics TBA
Meeting Location: 55 john Street, Toronto. Room: Rotunda (Main floor past the elevators)