oletools icon indicating copy to clipboard operation
oletools copied to clipboard

Published 20 hours ago verified publisher icon decalage2

olevba - detect external references in VBA project

Open decalage2 opened this issue 6 years ago • 1 comments

This technique can be used to detect sandboxing: https://conference.hitb.org/hitbsecconf2018ams/materials/D2T1%20-%20Aviv%20Grafi%20&%20Amit%20Dori%20-%20Sandbox%20Evasion%20Using%20VBA%20Referencing.pdf

The VBA code could also check if Protected View is disabled, probably by looking at the registry.

decalage2 avatar Apr 13 '18 20:04 decalage2

See also #386, #707, #719, #752 and this commit: https://github.com/decalage2/oletools/commit/866ab3393878df01c2e15cdfdd2b2371aa894808

decalage2 avatar Mar 17 '22 21:03 decalage2