Cross Posting - Other Blog Posts

Before creating this blog, I had the opportunity to create numerous posts under the SensePost blog. These cover a few topics including mobile apps, web apps and infrastructure. ...

February 17, 2018 · 3 min · 593 words · Etienne Stalmans

MSWord - Obfuscation with Field Codes

A few weeks back Saif El-Sherei and I posted on the SensePost blog about DDE and getting command exec in MSWord without macros. This post got way more attention than we initially expected it would. Since then DDE has been used in phishing and malware campaigns, as well as legitimate red-team engagements. With the rapid rise in attacks using DDE, detection has been stepped up and most AV engines have basic DDE detection built in....

October 23, 2017 · 11 min · 2339 words · Etienne Stalmans

Phishing with OAuth and o365/Azure

Typically phishing has provided a low tech approach to getting access to credentials and services. The mainfocus up until now has been on getting username&passwords or tricking users into executing code. Subsequently, user awareness has gone up and users are better at identifying suspicious pages. Experience has shown that the click-through rate on emails have remained high, while users have been (slightly) less likely to enter credentials and more likely to report the phishing page....

August 2, 2017 · 7 min · 1294 words · Etienne Stalmans