Speaker Bio

Carrie Roberts is a red teamer turned blue at Walmart. She is now using her adversary simulation skills to improve detection and defense which has always been her ultimate goal. She obtained a master’s degree in Information Security Engineering (MSISE) from the SANS Technology Institute in 2015 and holds the GIAC Security Expert (GSE) Certification. Carrie is a frequent speaker at industry events and loves giving back to the InfoSec community.

Follow on Twitter @OrOneEqualsOne

Advanced Malware VBA Stomping – What’s New in 2019

12:20 - 12:50 p.m. CDT

Carrie Roberts and Kirk Sayre

There are powerful malicious document generation techniques that are effective at bypassing anti-virus detection. A technique which we call “VBA stomping” refers to destroying the VBA source code in a Microsoft Office document, leaving only a compiled version of the macro code known as p-code in the document file. Maldoc detection based only on the VBA source code fails in this scenario. Reverse engineering these documents presents significant challenges as well. Come find out what is new with VBA Stomping since our presentation on the topic last year.