Macro-less Code Exec in MSWord

This blog post was to release first public information about abusing DDE in Microsoft Word to gain remote code execution, without the need of macros.

 DefCon 25: Demystifying Windows Kernel Exploitation by Abusing GDI Objects

The talk is about Windows kernel exploitation by abusing GDI objects to gain Elevation of Privileges, and releasing a new GDI object abuse technique by using GDI Palettes. Specifically, MS16-098 affecting Windows 8.1 x64 bits, exploited by abusing Bitmap objects, and MS17-017 affecting Windows 7 SP1 x86, exploited by abusing GDI Palette objects.

 The TRITON Won’t Protect You From Our Punches

Abusing ForcePoint TRITON (DLP) to exfiltrate data and gain full C2C communications through its logic.