Land, Configure Microsoft Office, Persist

One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk discussed the ways that native functionality within Office can be abused to obtain persistence.

A wide range of techniques for abusing various add-in mechanisms were covered. Each persistence technique was discussed in terms of its relative advantages and disadvantages for red teamers. In particular, with regards to their complexity to deploy, privilege requirements, and applicability to Virtual Desktop Infrastructure (VDI) environments which hinder the use of many traditional persistence techniques.

The talk finished with approaches to the detection and prevention of these persistence techniques.