Microsoft Office Offensive Tradecraft Training Course

Free Training Course: Microsoft Office Offensive Tradecraft for Red Teamers

We invite you to join us in a complimentary online training on offensive tradecraft

Monday, 22 January 2024

8:00 a.m. CT | 3:00 p.m. CET

Registration is closed due to extremely high demand.

If you did register in time, please note that your registration is not confirmed just yet. We will contact you once we’ve been able to process all requests – likely early 2024.

Get hands-on experience with this free training course from Outflank’s security researchers. Learn the latest Microsoft Office Offensive Tradecraft and how to embed these innovative techniques for MS Office abuse in your red teaming operations that go way beyond good old malicious macros.

In this 2 hour training, previously only available to attendees of x33fcon, Outflank team members Stan Hegt and Pieter Ceelen will share various practical examples of research presented at BlackHat, Troopers, and Brucon, as well as new and unpublished techniques.

We will discuss Microsoft Office security controls and recent developments such as Mark-of-the-Web in detail and will demonstrate how offensive techniques can be applied during red teaming operations. Participants will get hands-on experience with Microsoft Office techniques to gain initial access, for lateral movement, and long-term persistence. Having access to OST, our commercial offensive security toolset, is not required to participate in this course.

Training Outline

During the training we cover the following topics:

Intro to MS Office Security

  • Trust settings and decision flows, Mark-Of-The-Web, file types and formats, digital signatures in MS Office, macros and other “active content”

Getting In

  • Macro based techniques, add-ins, ActiveX, payloads without code execution

Getting Through

  • Trusted locations abuse, sideloading techniques: signed files and loldocs, lateral movement via MS Office data

Long-Term Persistence

  • MS Outlook backdoors, Office startup backdoors, abusing trust settings for persistence

Online Training and Lab Environment

Interested in joining this free training? Fill in the registration form.

Please note that space is limited! Priority will be given to attendees who register with their corporate email address and work in an offensive security role.

Advanced Offensive Tradecraft Under Your Fingertips?

This free training showcases many Office related techniques that you can do yourself with publicly available tools. To significantly speed up the time to deployment of these techniques, as well as keep you up to date with new tricks, the Outflank team licenses their offensive tools and tradecraft to other red teams via Outflank Security Tooling, an easy-to-use toolset for red teamers. Users of OST are regularly offered similar sessions on a variety of relevant red teaming topics. You can read more about Outflank Security Tooling, see some of the tools in action, or schedule an expert lead demo.

Other services

We provide you with the best experts and aim for the highest quality.

Security Tooling

OST is the toolkit
for your red team.

Red teaming and
attack simulation

Prepare your organisation
for real digital attacks.