GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → py7hagoras → OfficeMacro64

py7hagoras / OfficeMacro64

Licence: other
This is a 64 bit VBA implementation of Christophe Tafani-Dereeper's original VBA code described in his blog @ https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/

Programming Languages

vba
158 projects

OfficeMacro64

This is a 64 bit VBA implementation of Christophe Tafani-Dereeper's original VBA code described in his blog @ https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/

I was on a red team engagement and found out the client uses 64-bit version of Office 2016. Had to quickly modify Christophe's code @ https://raw.githubusercontent.com/christophetd/spoofing-office-macro/master/macro.vba

As described in his blog it spoofs the parent PID (e.g., explorer.exe) and also spoofs the arguements to bypass AVs and certain EDRs.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].