
FalconFriday — Catching more macros — 0xFF0A
In this year’s final FalconFriday we revisit what is possibly the most loved and hated feature among both attackers and defenders: MS Office macros. We’ll provide two hunts for macros that are downloaded using the browser and spawn child processes. As a Christmas bonus, we have some ideas for you to enhance those queries even further.
Cross-posted from medium.com; please read the full article here:
https://medium.com/falconforce/falconfriday-catching-more-macros-0xff0a-ec8273ab115a
Direct link to our GitHub page: