Archive for January, 2012

Direct shellcode execution in MS Office macros

Metasploit has for years supported encoding payloads into VBA code. (VBA, or Visual Basic for Applications, is the language that Microsoft Office macros are written in.) Macros are great for pentesters, since they don’t rely on a specific version, and they are a supported method of code execution that most people don’t realize and are […]


Windows API Function Definitions

All of them. Or at least a good chunk of ’em. Why? Because sometimes you just need to know what the parameters are for some obscure function. Download here: winapi.txt and enjoy.

No Comments