Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

LOLDocs - Sideloading in Signed Office Files

BruCON Security Conference via YouTube

Start learning Write review
Coursera Ad

40% Off Career-Building Certificates

Learn More → Datacamp Ad

AI Engineer - Learn how to integrate AI into software applications

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore an innovative approach to phishing through "code side-loading in signed documents" in this 43-minute conference talk from BruCON Security Conference. Delve into the process of identifying vulnerabilities in Microsoft signed Office add-ins, with a focus on the Microsoft Analysis ToolPak Excel add-ins (.XLAM file type). Learn how attackers can exploit these vulnerabilities to embed malicious code without invalidating signatures, creating potential phishing scenarios. Discover the complexities involved in finding, exploiting, and weaponizing this class of vulnerabilities, as well as the challenges in implementing effective mitigations. Gain insights into the ongoing battle between increased security measures and evolving phishing techniques in the realm of Office documents.

Syllabus

07 - BruCON 0x0E - LOLDocs: Sideloading in Signed Office files - Pieter Ceelen & Dima van de Wouw

Taught by

BruCON Security Conference

Reviews

Start your review of LOLDocs - Sideloading in Signed Office Files

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.