oletools
olevba: add keywords to detect x64 shellcode injection in XLM macros
Add the following keywords: RtlCopyMemory, QueueUserAPC, NtTestAlert

References:
- https://fortynorthsecurity.com/blog/excelntdonut/
- https://www.cybereason.com/blog/excel4.0-macros-now-with-twice-the-bits
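
A sketch of how the three proposed keywords could be matched in extracted XLM formula text, added here as an illustration and not taken from oletools or from the issue author. The function names, the restriction to `CALL`/`REGISTER` formulas, the rejoining of `"a"&"b"` string literals and the sample formulas are all assumptions made for this example.

```python
import re

# Keywords proposed in the issue above.
X64_INJECTION_KEYWORDS = ("RtlCopyMemory", "QueueUserAPC", "NtTestAlert")

# Matches the seam of "abc"&"def" so split string literals can be rejoined.
_CONCAT = re.compile(r'"\s*&\s*"')
# CALL(...) and REGISTER(...) are the XLM functions that invoke DLL exports.
_DLL_FORMULA = re.compile(r'\b(CALL|REGISTER)\s*\(', re.IGNORECASE)


def normalize(formula):
    """Collapse literal concatenation: "Rtl"&"CopyMemory" -> "RtlCopyMemory"."""
    return _CONCAT.sub("", formula)


def scan_xlm(lines):
    """Return (line_no, keyword, formula) for each keyword found in a DLL-call formula."""
    hits = []
    for no, raw in enumerate(lines, 1):
        formula = normalize(raw)
        # Assumption: only flag formulas that actually call into a DLL,
        # so a keyword inside ordinary cell text is not reported.
        if not _DLL_FORMULA.search(formula):
            continue
        lowered = formula.lower()
        for kw in X64_INJECTION_KEYWORDS:
            if kw.lower() in lowered:  # API names are matched case-insensitively
                hits.append((no, kw, raw.strip()))
    return hits


# Constructed sample formulas (not from a real file), one per line.
SAMPLE = [
    '=REGISTER("Kernel32","VirtualAlloc","JJJJJ","VA",,1,9)',
    '=REGISTER("ntdll","Rtl"&"CopyMemory","JJCJ","RCM",,1,9)',
    '=CALL("kernel32","queueuserapc","JJJJ",A1,-2,0)',
    '=CALL("ntdll","NtTestAlert","J")',
    '=ALERT("NtTestAlert is mentioned in this message only")',
]

if __name__ == "__main__":
    for no, kw, formula in scan_xlm(SAMPLE):
        print(f"line {no}: {kw}: {formula}")
```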