Awesome blog by one of my team members! Really neat tradecraft involving AV evasion with malicious macro docs. Lots of neat in memory workings 😎
depthsecurity.com/blog/obfus… Hey everyone I created a new blog post about obfuscating macro enabled word docs to bypass common EDRs. Let me know what you think!