Discover and read the best of Twitter Threads about #hephaestus
Most recents (4)
VBA is a totally fair and balanced language and does not need nerfs at all =)
Enjoy some code that I have dug up from a certain vault and try to guess what the debug output says.
Cookies and #respect rewards
#obfuscation #homoglyph #infosec #nerfvba #hephaestus #cordyceps
Enjoy some code that I have dug up from a certain vault and try to guess what the debug output says.
Cookies and #respect rewards
#obfuscation #homoglyph #infosec #nerfvba #hephaestus #cordyceps
Debug.Output of the 2 cases above:
The reasoning for all of this fun stuff is the acceptable range of characters withing VBA variable space.
You can have not only homography issues within VBA but you can also have nonprintable characters (ie right to left change) as a valid variable name.
You can have not only homography issues within VBA but you can also have nonprintable characters (ie right to left change) as a valid variable name.
Alright #Infosec lets talk about #Hephaestus tool kit.
If you are unfamiliar it was a toolkit that @digbei & I started development in 2017 & got postponed due to my health (github.com/glinares/Offic…)
After I move this summer I will have some time to dig it back up & continue 1/N
If you are unfamiliar it was a toolkit that @digbei & I started development in 2017 & got postponed due to my health (github.com/glinares/Offic…)
After I move this summer I will have some time to dig it back up & continue 1/N
@digbei Office exploitation has change for the better since those 2 years & checking out some of my code I see that AMSI has done good work to detect & deter a lot of development (good job @secbughunter & his team)
However #Hephaestus will change in order to adapt to this.
However #Hephaestus will change in order to adapt to this.
@digbei @secbughunter The toolkit will focus on being a bridge for other tools that are used to gain initial access.
Post exploitation #Hephaestus will have modules to do tasks thru Office such as recon, persistence, code exec, code tunneling, etc.
Post exploitation #Hephaestus will have modules to do tasks thru Office such as recon, persistence, code exec, code tunneling, etc.
Now that my health is stable again, I will be resuming the development of the #Hephaestus project with a few new additions I would like to share.
For those who missed it the Hephaestus project was originally presented at #Hushcon in 2017: github.com/glinares/Offic…
For those who missed it the Hephaestus project was originally presented at #Hushcon in 2017: github.com/glinares/Offic…
Microsoft in the last year has done quite a few great features to enhance Office security and the overall posture of Office based exploits seem to be lower than a year ago.
However with this I am pivoting a bit on how #Hephaestus will be used and leveraged in #Redteam events
However with this I am pivoting a bit on how #Hephaestus will be used and leveraged in #Redteam events
#Hephaestus will be a 2nd phase tool that will allow an operator to exploit a system using Microsoft Office components as sort of a puppet. Think of how many tools use Powershell in order to compromise systems and stay persistent and gather system info.
After nearly a year and a half of dealing with various symptoms & health issues; I finally got diagnosed with #Fibromyalgia last week.
I knew nothing about this disease until about 3 weeks ago.
And for quite some time I was seeing a doctor who did not believe it existed.
I knew nothing about this disease until about 3 weeks ago.
And for quite some time I was seeing a doctor who did not believe it existed.
From the commercials on TV you just think it is some chronic pain disorder.
Let me tell you, it is anything but just pain.
No one tells you of the irreparable damage it causes to your memory and concetration - known as fibro-fog.
They also dont tell you of the chronic fatigue
Let me tell you, it is anything but just pain.
No one tells you of the irreparable damage it causes to your memory and concetration - known as fibro-fog.
They also dont tell you of the chronic fatigue
Ever get that odd feeling where a word doesn't look right? And you stare at it and you know its right, but it looks odd and strangely alien to you?
Imagine that, but for entire subject matters. And it comes randomly. It can last seconds, hours, days.
It has been a struggle.
Imagine that, but for entire subject matters. And it comes randomly. It can last seconds, hours, days.
It has been a struggle.
