How to Build Obfuscated Macros for your Next Social Engineering Campaign

Attention, pen testers: Are you looking to run a phishing campaign that puts your antivirus software to the test? Then this post is for you. In this post, I will guide you through how to build a malicious obfuscated macro in a Word document. I know you may be thinking that there are plenty of tools that generate Visual Basic for Applications (VBA) for macros, but many of these are either without any obfuscation or already have built-in automatic obfuscators and are often detected or removed by antivirus software. This post will demonstrate how to leverage different tools and techniques to create an obfuscated macro that evades antivirus software. This method will give you ideas on how to execute a social engineering campaign that really puts your people, not just your antivirus software, to the test.

Corey Gant

Corey is a Director with Focal Point’s national Data Privacy practice and has more than 12 years of experience in both leading and supporting governance, risk and compliance initiatives.

Ashlee Holt

Ashlee Holt is a Director in Focal Point’s Internal Audit Practice, bringing over 12 years of experience in managing and supporting the project planning and execution of dynamic audit initiatives.

Louise Lopez

Louise is the Chief Financial Officer for Focal Point, bringing over 25 years of experience in public accounting, budgeting and planning, and business operations.

How to Build a Cheap Active Directory Pen Test Lab in AWS Without Any Effort

The Problem: Whether you're brand new to penetration testing or have some experience under your belt, you want to have a safe environment where you can learn and practice the use, exploitation, and remediation of vulnerable software and unsafe configurations without exposing yourself or your clients' systems and networks to unnecessary risks. You need a cheap environment that's easy to set up, access, and maintain, as well as to blow away and rebuild. One without licensing headaches that your entire team can access from anywhere, but still mimics a real enterprise Active Directory domain.

Eric Banta

Eric Banta serves as the Director of Business Development at Focal Point.

What Makes a Good Penetration Test?

As I speak with clients about their penetration testing needs, it has become increasingly clear to me that most organizations are still struggling to figure out what constitutes a good penetration test and how to buy one. Cars have been around long enough that, as a society, we’ve generally agreed upon the basic standards of what makes a good car and what to look for when purchasing a car. Reliability is important. Speed may matter to you depending on your goals. It most definitely should have headlights. Over the years, we’ve collectively agreed seatbelts are a requirement. But these universally agreed-upon standards don’t exist yet for penetration and security tests. While we may never settle on a standard set of requirements, it is important that your organization establishes its own standards that define what goals and requirements matter most of the time specifically to your organization. Part of my job as Director of Penetration Testing at Focal Point is to help companies ask the right questions as they shop for a penetration test. It shouldn’t be a surprise that our practice is largely formed by what we believe are the right answers to these questions. In order to understand what makes a good penetration test, we need to start with the goals of a penetration test. For many organizations, the goal is to simply complete a task and check a box. But better goals are to identify vulnerabilities to your organization and fully understand the impact of those vulnerabilities. Fulfilling those goals isn’t easy, but a good penetration test will help you get close. Let’s look at the qualities of a good penetration test and how they’ll help you discover and address critical risks to your business.

LCA Notices

This page houses LCA Notices. Current notices: LCA-DS, LCA-NG

News Article

Focal Point Launches Digital Badging Program for Cybersecurity Professionals

Tampa, FL – Focal Point Data Risk, a leading data security firm, today announced the launch of its new digital badging…