This is the first in a series of blogs – if you’re interested in reading the full series the links are here: part 1, part 2, part 3, part 4, part 5, and part 6

If you have been on an internal Red Team or worked as a consultant, then you’ve probably experienced delivery or execution failure with your malicious documents (maldocs) at least once. Perhaps it was because you reused a publicly available demo payload, maybe it was because you refactored some VBA you found on VirusTotal. But maybe it was because your defender’s tools flagged on the Document_Open() or Workbook_Open() event handlers for Microsoft Word or Excel. In a world where VBA Macros are still a viable delivery mechanism for both Red Teams and the bad guys, security tools such as antivirus within email gateways, sandbox detonation, YARA inspection of attachments, and host-based antivirus have all finally begun to catch up. Although we still regularly have success utilizing maldocs during both Red and Purple Team tests, we don’t always depend upon methods that use the Document_Open() or Workbook_Open() event handlers – we have some alternatives for triggering macro execution. This blog series is an attempt to rip the band aid off and convince you as a Red Teamer to use more macros and hopefully motivate your leadership to block macro execution via GPO.

Painting the Picture

About three years ago during my previous life on an internal Red Team, the director of threat detection mentioned something offhandedly during one of our weekly debriefs. He said something about an alternative macro execution method that was floating around in the wild, but luckily his team had been implementing YARA rules to catch any payloads that were delivered to our organization. Despite being a pain in his rear, he was kind enough to pass me the intel on this macro variant. It made use of an embedded ActiveX object called InkPicture, and maldocs were utilizing this as an embedded ActiveX object which makes use of the event handler InkPicture.Painted() to trigger execution.

But what the heck is an InkPicture? If we review Microsoft’s documentation we see the following:

The InkPicture control enables you to place an image (.jpg. gif format) in an application that users can add ink to. It is intended for scenarios in which ink need not be recognized as text but is stored as ink.

Sounds like something you might need on a tablet. Maybe I’m getting old, or my imagination isn’t creative enough, but I can’t think of a reason why this object type would be available to embed in a Microsoft Office document. The best I can come up with, to this date, is adding a digital signature within an Office document when you don’t have one prepared ahead of time.

If you’re a technical type, you’re probably already familiar with ActiveX technology on Windows. Regardless, it’s probably a good idea to quote Wikipedia to help elaborate for those of us who aren’t in technical roles:

ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. In principle, ActiveX is not dependent on Microsoft Windows operating systems, but in practice, most ActiveX controls only run on Windows.

In other words, ActiveX is a framework for accessing and using COM objects. But they’re still highly relevant today, since quite a bit of software that runs on Windows makes use of COM objects directly. You can access COM objects through all native programming languages for Windows OS’s, as well as through many non-native programming languages that provide COM access libraries.

What can COM do for you? Well, in the most common use cases, it can give you the ability to open and interact with applications and services on Windows programmatically. Previously, I have made use of COM objects to automate the construction of Microsoft Word maldocs using builder scripts. In other cases, COM can provide general purpose functionality that’s not provided by the language you’re writing code in.

This functionality is provided by loading a COM object into your code, which in turn loads a DLL into either your script interpreter (e.g. CScript/WScript, PowerShell, etc) or application (e.g. native C++ binary or managed C# application/library). Once the COM object has been instantiated, additional functionality is exposed to the developer. From an attacker’s perspective, the XMLHTTPRequest and ADODB.Stream objects are highly valuable for downloading a file and writing it to disk. Neither of these functions is natively available to client-side JavaScript on Windows.

Yet in other use cases, you can instantiate COM objects on remote computers. DCOM) functionality and is readily accessible from PowerShell.