michaelweber

Generated a new sample based on an upcoming Macrome release - it's a wrapped up version of EXCELntDonut with some obfuscation thrown in. There's a small amount of using the...

Generated an alternate document which can also cause some issues by abusing user defined functions combined with variables set using SET.NAME. By hiding a subroutine in the sheet somewhere else...

Here's a slightly more refined version of the character substitution approach. This time the variables used take advantage of some unicode silliness in Excel. From the Excel UI, a cell...

Uploading a sample which takes advantage of some more Unicode ridiculous-ness involving Excel's magic treatment of ḁ (U+1E01) `1E 01` and A (U+0041) - ◌̥ (U+0325) `00 41 03 25`...

Here's a refinement of that abuse in a different way that could be used by attackers to obscure which argument is being passed to a function when performing analysis. In...

Yeah, the capitalization is pretty reasonable - the issue is when there's sort of uneven handling of stuff like unicode Whitespace characters or unicode characters that are just ignored. Ex:...

Just ran into this while using the library. The problem is in https://github.com/EvolutionJobs/b2xtranslator/blob/90d05a6589706cf177a245fcb74e9cba4b6264ae/Common/StructuredStorage/Common/InternalBitConverter.cs#L64. Document metadata streams begin with a unicode character like "\u0005DocumentSummary\0\0\0\0\0\0". In windows, if you call `.IndexOf("\0")` on...

Hey @irotem! I dug into this one a bit, initially I thought it might have been some of our directory identification logic that was causing the issue but apparently invoking...