Bosses love Excel, Hackers too.

Presented at DEF CON 19 (2011), Aug. 5, 2011, 6 p.m. (50 minutes)

Remote applications published in companies are around us in the cloud. In this talk we are going to add ICA and Terminal Server Apps to fingerprinting process, automating data analysis using FOCA. It will allow attacker to fingerprinting internal software, internal networks and combine the info in PTR Scanning, evil-grade attacks and command execution trough Excel files. In the end, we are going to play with a tricky feature in security policies about remote excel that will allow hackers to bypass macro restrictions.

Presenters:

  • Juan Garrido / Silverhack as Juan Garrido "Silverhack"
    Juan Garrido "Silverhack" is a forensics professional who had been working as security consultant the last seven years. He is the writer of two books about Forensic Analysis in Windows Environments and actually works as security consultant in Informatica 64.
  • Chema Alonso
    Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Polit├ęcnica de Madrid. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Black Hat Briefings, Defcon, Ekoparty and RootedCon - He is a frequent contributor on several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the meta-data extraction tool which he co-authors. Twitter: @chemaalonso

Links: