
olevba: add keywords to detect x64 shellcode injection in XLM macros

Open decalage2 opened this issue 4 years ago • 0 comments

Add the following keywords: RtlCopyMemory, QueueUserAPC, NtTestAlert

References:

  • https://fortynorthsecurity.com/blog/excelntdonut/
  • https://www.cybereason.com/blog/excel4.0-macros-now-with-twice-the-bits

decalage2, May 27 '20 18:05
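An added example, not oletools code and not written by the issue author: a small Python scan of extracted XLM formula text for the three proposed keywords. The `cell: formula` input layout, the sample formulas, and the handling of names split across `&`-joined string literals are assumptions made for this illustration.

```python
import re

# Keywords proposed in the issue above.
KEYWORDS = ("RtlCopyMemory", "QueueUserAPC", "NtTestAlert")

# Assumed obfuscation case: a name split across joined literals, "Rtl"&"Copy".
_CONCAT = re.compile(r'"\s*&\s*"')
# Assumed input layout: "<cell>: <formula>", e.g. "A1: =CALL(...)".
_CELL = re.compile(r"^\s*(?P<cell>\$?[A-Z]{1,3}\$?\d+)\s*:\s*(?P<formula>.*)$")


def normalize(formula):
    """Collapse literal-to-literal concatenation so split names still match."""
    return _CONCAT.sub("", formula)


def scan_xlm(lines):
    """Return {keyword: [cell, ...]} for every keyword seen in the formulas."""
    hits = {}
    for n, line in enumerate(lines, 1):
        m = _CELL.match(line)
        cell, formula = (m["cell"], m["formula"]) if m else (f"line {n}", line)
        folded = normalize(formula).lower()  # API names are matched case-insensitively
        for kw in KEYWORDS:
            if kw.lower() in folded:
                hits.setdefault(kw, []).append(cell)
    return hits


def all_present(hits):
    """True when all three keywords occur in the same macro sheet."""
    return all(kw in hits for kw in KEYWORDS)


# Constructed sample input; "..." stands in for arguments that are not needed here.
SAMPLE = [
    'A1: =REGISTER("Kernel32","RtlCopyMemory",...)',
    'A2: =CALL("kernel32","Queue"&"UserAPC",...)',
    'A3: =CALL("ntdll","NTTESTALERT",...)',
    "A4: =SUM(B1:B9)",
]

if __name__ == "__main__":
    found = scan_xlm(SAMPLE)
    for kw, cells in found.items():
        print(f"{kw}: {', '.join(cells)}")
    print("all three present:", all_present(found))
```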