DiscoverState of the HackS4E02: Weaponizing Office Documents with VBA Purging
S4E02: Weaponizing Office Documents with VBA Purging

S4E02: Weaponizing Office Documents with VBA Purging

Update: 2020-11-19
Share

Description

Malicious Office document’s module streams that contain source code,
but no P-code are more likely to evade YARA rules and AV detection.
This evasion technique is called VBA purging; which is different than
the observed VBA stomping technique. In this episode we will discuss
what VBA purging is, the difference between purging and stomping, the
consequences of this technique, and a new tool created by Mandiant’s
Red Team called OfficePurge.

Comments 
In Channel
The Defender's Advantage Podcast

The Defender's Advantage Podcast

2022-03-3001:05

S4E07: IIV Drippin: Overcoming Your Zero Day Hangover

S4E07: IIV Drippin: Overcoming Your Zero Day Hangover

2021-05-2035:36

S4E06: Extortion, Ransoms & the Wonderful Life of Red Teams

S4E06: Extortion, Ransoms & the Wonderful Life of Red Teams

2021-03-1937:05

S4E05: The Wonderful World of Web Shells

S4E05: The Wonderful World of Web Shells

2021-02-1832:51

S4E04: Apex Predators: Inside OpSec Strategy

S4E04: Apex Predators: Inside OpSec Strategy

2021-01-2135:27

S4E03: Azure Got Run Over by a Refresh Token

S4E03: Azure Got Run Over by a Refresh Token

2020-12-1840:41

S4E02: Weaponizing Office Documents with VBA Purging

S4E02: Weaponizing Office Documents with VBA Purging

2020-11-1956:32

S4E01: KEGTAP-ing Out: Don't be a One Trickbot Pony

S4E01: KEGTAP-ing Out: Don't be a One Trickbot Pony

2020-10-2949:46

S3E2: Hacking Tracking Pix & Macro Stomping Tricks

S3E2: Hacking Tracking Pix & Macro Stomping Tricks

2020-02-1042:58

S3E1: Spotlight Iran - from Cain & Abel to full SANDSPY

S3E1: Spotlight Iran - from Cain & Abel to full SANDSPY

2020-01-1753:54

S2E13: Rudolph the Redsourced Reindeer

S2E13: Rudolph the Redsourced Reindeer

2019-12-1137:47

S2E12: Shellcode. DLLy DLLy!

S2E12: Shellcode. DLLy DLLy!

2019-10-1720:07

S2E11: Between Two Steves

S2E11: Between Two Steves

2019-10-1126:18

S2E10: from MATH import CYBERZ*

S2E10: from MATH import CYBERZ*

2019-10-0342:23

S2E09: DerbyCon Edition with Dave Kennedy

S2E09: DerbyCon Edition with Dave Kennedy

2019-09-1819:13

S2E08: DerbyCon Edition with Nate Warfield

S2E08: DerbyCon Edition with Nate Warfield

2019-09-1625:34

S2E07: DerbyCon Edition w/ Carlos Perez & Benjamin Delpy

S2E07: DerbyCon Edition w/ Carlos Perez & Benjamin Delpy

2019-09-1230:17

S2E06: APT41 - Double Dragon: The Spy Who Fragged Me

S2E06: APT41 - Double Dragon: The Spy Who Fragged Me

2019-08-1431:19

SotH Convos: Finding Evil in Windows 10 Compressed Memory

SotH Convos: Finding Evil in Windows 10 Compressed Memory

2019-08-0717:39

S2E05: Your Payment Cards Are Our Business Cards

S2E05: Your Payment Cards Are Our Business Cards

2019-07-2531:57

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

S4E02: Weaponizing Office Documents with VBA Purging

S4E02: Weaponizing Office Documents with VBA Purging

helena.davis@fireeye.com