This repo contains all materials from the Hunting Malicious Office Macros Presentation
-
The diagrams folder contains all the diagrams used in the slides
-
The Office Baseline folder contains a baseline of Word and Excel behavior when executing a normal non-macro document, in both TXT and EVTX formats
-
The SysmonConfigs folder contains the three versions of the Sysmon configs highlighted during the presentation
- OfficeShush.xml
- OfficeSus.xml
- OfficeWatch.xml
-
The "Hunting Malicious Office Macros.pdf" is a PDF export of the slides used during the presentation