Hello, welcome to the Tuesday, May 12, 2020 edition of the Sands and the Storm Center's Stormcast.

My name is Johannes Ulrich.

Entertainment recording from Jacksonville, Florida.

The DA today took a look at a new to him tool, XLM macro, the obfuscator.

This tool allows you to, as the name implies, de-obvious skate XLM or Excel4 macros by actually

implementing sort of an emulator for these Excel for macros and executing a limited subset

of their functionality, helping you with de-obfuscating them without actually executing any sort

of the malicious code.

So thanks to Dissect Malibur for making this tool available for free on GitHub.

And then I did a quick walkthrough through a LinkedIn fission attempt.

No, I don't see a lot

of fishing attempts coming in via

LinkedIn. Typically, they come in

from a compromised account

that's then being used to essentially

spam their connections.

A couple interesting things about this was

that first of all, the

directory with the original

fishing kit was exposed. so that allowed me to download

the fishing kit. And then also to take a look at the logs that actually logged who fell

for the fish. Now, didn't log any email address and passwords. They're being sent to the attacker's

...