OSCP Tactics: How to Create a Malicious Word Macro for Remote Code Execution
1 min read
Summary
This article comes from a Pentester Magazine writer, who shares their opinion and experience on OSCP (Offensive Security Certified Professional) training, and using macros for remote code execution.
They have resurfaced an older Cyber Attack technique, that of using malicious Microsoft Word macros, to get a foothold on a targeted company’s system.
They say that whilst these types of malware attacks are less successful than in the early 2000s, they are still very much a viable tactic.
The writer gives credit to Microsoft for trying to block these types of attack, by default blocking macros, and requiring multiple security authorisations to enable them.
They conclude however, that the bad actors will always come up with new tactics and methodologies, especially as more businesses move to the cloud, and they (the writers) feel that these older attack methods could make a comeback given the right circumstances.