Hunting Malicious Macros SANS Threathunting Summit 2021 Materials

Antonlovesdnb/SANSTHS2021

This repo contains all materials from the Hunting Malicious Office Macros presentation.

  • The diagrams folder contains all the diagrams used in the slides

  • The Office Baseline folder contains a baseline of Word and Excel behavior when opening a normal, non-macro document, in both TXT and EVTX format

  • The SysmonConfigs folder contains the three versions of the Sysmon configs highlighted during the presentation

    • OfficeShush.xml
    • OfficeSus.xml
    • OfficeWatch.xml
  • The "Hunting Malicious Office Macros.pdf" is a PDF export of the slides used during the presentation
