Ask questionsolevba+mraptor: add suspicious keywords
check all the keywords mentioned in https://www.countercept.com/blog/dechaining-macros-and-evading-edr
Answer
questions
decalage2
Other keywords: https://twitter.com/gabriele_pippi/status/1276181417270169600 other two code execution methods on Shell.Application object:
ShellApplication.NameSpace("C:\Windows\system32") Set Item = objFolder.ParseName("cmd.exe") Item.InvokeVerbEx ("open") Set Item = objFolder.ParseName("notepad.exe") Item.InvokeVerbEx ("open")
Related questions
No questions were found.
