FalconFriday — Catching more macros — 0xFF0A



In this year’s final FalconFriday we revisit what is possibly the most loved and hated feature among both attackers and defenders: MS Office macros. We’ll provide two hunts for macros that are downloaded using the browser and spawn child processes. As a Christmas bonus, we have some ideas for you to enhance those queries even further.

Cross-post from medium.com; please read the full article here:


Direct link to our GitHub page: