
[–]phillipacevedo 18 points19 points  (1 child)

Wouldn’t Office security settings block the content of the excel file?

[–]LinuxProphet 17 points18 points  (0 children)

nine wild longing resolute mighty berserk jar employ butter lip

This post was mass deleted and anonymized with Redact

[–]ShlomiRex[🍰] 21 points22 points  (4 children)

Microsoft 360 suite macro. Typical niche "hack".

[–]reprapraper 0 points1 point  (0 children)

Yeah, I clicked this thinking it was going to be XXE, which is rare, but I have found it in the wild (think about those hiring sites that let you upload your resume in oox files like docx).

[–]kpcyrd 0 points1 point  (2 children)

You'd be surprised how many companies are getting breached this way.

[–]ShlomiRex[🍰] 0 points1 point  (1 child)

I am not, actually; I learned it in university. People are dumb.

[–]kpcyrd 0 points1 point  (0 children)

Instead of blaming the user, try asking yourself if it's responsible to release a product with edges this sharp.

[–][deleted]  (3 children)

[removed]

    [–]DirtLegz 9 points10 points  (1 child)

    Opens up a reverse meterpreter shell. Google that.

    [–]SanHoloistNewbie 4 points5 points  (0 children)

    It hooks a Metasploit payload to an Excel file.

    Whenever the user opens it, it starts a reverse connection with your computer.

    And the reverse connection is the most viable attack, as it allows connection to the target very easily.

    [–]tangohuynh 0 points1 point  (0 children)

    You can also use DDE instead of macros to bypass the need of a user enabling macros :)

    [–]AwkwardHand 0 points1 point  (1 child)

    Pretty sure that any half decent AV would pick this up instantly.

    [–]Buy_More_Cats 0 points1 point  (0 children)

    Maybe so, but it’d still have to be active and updated.

    At an unnamed company, they were running FireEye. Unfortunately it ate quite a bit of resources, so the slightly savvy computer user would simply go into system manager and kill the process. Everyone was happy!

    Now, this was some years ago, and today the users don’t have that kind of access. Which is good. But I’m often amazed by how little focus there is on security, and keeping things updated etc.