Kirk Sayre is a member of the dynamic defense engineering team at Walmart where he focuses on the detection and analysis of malicious MS Office documents. Kirk is one of the primary maintainers of ViperMonkey, a VBA macro emulator utility. Prior to Walmart, Kirk performed cybersecurity research at Oak Ridge National Lab (ORNL) where he was one of the primary developers of a tool for automating the reverse engineering of malware. Kirk is the author of several patents based on this work. Outside of cybersecurity, Kirk has worked on projects ranging from weapons control systems, medical devices, web applications, corporate software engineering training and software design tools. Kirk’s educational background includes a PhD in Computer Science from the University of Tennessee where his research centered around using statistical methods to improve the testing of software.

Advanced Malware VBA Stomping – What’s New in 2019

12:20 - 12:50 p.m. CDT

Carrie Roberts and Kirk Sayre

There are powerful malicious document generation techniques that are effective at bypassing anti-virus detection. One technique, which we call “VBA stomping”, refers to destroying the VBA source code in a Microsoft Office document, leaving only a compiled version of the macro code, known as p-code, in the document file. Maldoc detection based only on the VBA source code fails in this scenario, and reverse engineering these documents presents significant challenges as well. Come find out what is new with VBA stomping since our presentation on the topic last year.