0xdeadbeefJERKY / Office-DDE-Payloads

Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
MIT License
629 stars 153 forks source link

Conditional payload execution #7

Open v-p-b opened 6 years ago

v-p-b commented 6 years ago

I'm wondering if conditional execution primitives could be integrated to this tool - they are pretty useful for bypassing sandboxes/nextgen protections:

https://blog.silentsignal.eu/2017/12/05/conditional-dde/

0xdeadbeefJERKY commented 6 years ago

I'll have to do a bit more research and testing before integrating this into the tool, but the technique seems promising. You're obviously limited in the conditions that can be implemented, but nonetheless can improve OPSEC. Additionally, you can leverage the tool's obfuscation technique to host an Office file remotely containing the values you want to check against within the conditional statements. Thanks for bringing this to my attention!