Skip to main content



A Convoluted Phishing Payload to Circumvent Common Protections

UPDATE (Jan. 2018) - OLE is dead. Microsoft has decided (finally) that executables, scripts, etc. are a bad idea to embed within Microsoft Office documents. If you try to do this on an updated Windows system, attempting to execute the OLE will result in a security error preventing anything from running (default setting). Instead, this method can be adapted to be used with DDE execution through Excel. Coming soon: blog post explaining this.

Phishing engagements bring me both joy and heartache at the same time. Popping a shell on someones machine through a well crafted email just brings out all the feels (insert success kid meme). However, lately, it has become a headache as well. There are a plethora of different security solutions which block known payload signatures along with next generation AV which analyzes the payloads sent and flags for known bad behavior.

On a recent penetration test, I was tasked with conducting a phishing assessment with an objective of using “malicious” atta…

Latest Posts

We're Moving! (Site Under Construction)

GrrCon 2017 Presentation - Easy Ways to Make My Job Harder

Telerik RadAsyncUpload Arbitrary File Upload

Outlook SMB Email Plugin

Capturing Creds through Email and HTML Image Tags

Annual Security Training - Phishing Pretext

Job Applicant - Phishing Pretext