Office-DDE-Payloads icon indicating copy to clipboard operation
Office-DDE-Payloads copied to clipboard

Published 20 hours ago verified publisher icon 0xdeadbeefJERKY

Conditional payload execution

Open v-p-b opened this issue 6 years ago • 1 comments

I'm wondering if conditional execution primitives could be integrated to this tool - they are pretty useful for bypassing sandboxes/nextgen protections:

https://blog.silentsignal.eu/2017/12/05/conditional-dde/

v-p-b avatar Jan 31 '18 09:01 v-p-b

I'll have to do a bit more research and testing before integrating this into the tool, but the technique seems promising. You're obviously limited in the conditions that can be implemented, but nonetheless can improve OPSEC. Additionally, you can leverage the tool's obfuscation technique to host an Office file remotely containing the values you want to check against within the conditional statements. Thanks for bringing this to my attention!

0xdeadbeefJERKY avatar Feb 10 '18 18:02 0xdeadbeefJERKY