Advanced VBA Macros Attack & Defence

Presented at Black Hat Europe 2019, Dec. 4, 2019, 3:40 p.m. (50 minutes)

In 2019, VBA macros are still heavily used to deliver malware, and new obfuscation techniques such as VBA Stomping, implemented in EvilClippy, allow attackers to deliver malicious payloads to end users without being detected. Luckily, analysis and detection tools are also progressing to address these advanced attack techniques. This presentation will demonstrate some of the advanced attack techniques, and show how analysis and detection tools such as olevba have been recently improved to address the new challenges.


  • Philippe Lagadec - Mr, ESA - European Space Agency
    Philippe Lagadec has worked in InfoSec for large organizations since 2000 and is now employed at the European Space Agency. He is the author of the open source projects oletools, olefile, ViperMonkey, balbuzard, and ExeFilter. Personal interests: file formats and their security issues / use in malware, malware analysis, forensics, intrusion detection, correlation, machine learning, enterprise security system architecture, and developing Python open source tools that are useful for the community. Speaker at CanSecWest, PacSec, EuSecWest, SSTIC and THC.

