top of page
Josh Stroschein
Apr 12, 20201 min read
Excel 4 Macros – Get.Workspace Reference
With the recent resurgence of the use of Excel 4 macros in malicious excel documents, I’ve found myself scouring the internet looking for...
66 views

Josh Stroschein
Apr 9, 20202 min read
Removing Passwords from VBA Projects
Occasionally I’ll encounter a maldoc that has a password-protected VBA project. While tools such as oledump may still extract the macros,...
22 views

Josh Stroschein
Mar 18, 20205 min read
Maldoc uses Windows API to perform process hollowing
A favorite technique by malware authors is to use macros in their office documents to utilize a normal system executable and replace the...
36 views
bottom of page