Phishing: .SLK Excel
This lab is based on findings by @StanHacked - see the references below for more info.
Weaponization
Create a new text file, put the code below in it, and save it as a .slk file:
demo.slk
Note that shell.cmd refers to a simple nc reverse shell batch file:
c:\shell.cmd
Execution
Once the macro warning is dismissed, the reverse shell pops as expected:
Since the file is actually a plain text file, detecting and triaging malicious intent is made easier.
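Because the format is plain text, triage can be a simple record parser. The sketch below is an added example, not code from the original lab or from @StanHacked: it splits SYLK records into fields and flags auto-run name definitions and expression fields that call process-launching Excel 4.0 macro functions. The watch list, the function names and the sample inputs are assumptions made for the example.

```python
import re

# Excel 4.0 macro functions that can launch a process or call native code.
# This watch list is an assumption of the example; extend it for your triage.
RISKY_CALLS = re.compile(r"\b(EXEC|CALL|REGISTER)\s*\(", re.IGNORECASE)
AUTO_NAME = re.compile(r"auto_(open|close)", re.IGNORECASE)


def split_fields(record):
    """Split a SYLK record on ';', treating ';;' as an escaped semicolon."""
    parts = record.replace(";;", "\x00").split(";")
    return [p.replace("\x00", ";") for p in parts]


def triage_slk(text):
    """Return (line_no, reason, detail) findings for the text of a .slk file."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("ID;"):
        return []  # SYLK files open with an ID record; anything else is skipped
    findings = []
    for no, line in enumerate(lines, start=1):
        rtype, *fields = split_fields(line.strip())
        # Each field is a one-letter tag plus value: E = expression, N = name.
        tagged = {f[0]: f[1:] for f in fields if f}
        name, expr = tagged.get("N", ""), tagged.get("E", "")
        if rtype == "NN" and AUTO_NAME.match(name):
            findings.append((no, "auto-run name", name))
        if rtype in ("C", "NN") and RISKY_CALLS.search(expr):
            findings.append((no, "risky macro call", expr))
    return findings


# Constructed inputs (not from the page); each isolates one indicator.
SAMPLES = {
    "benign": "ID;PWXL\nC;X1;Y1;K10\nC;X1;Y2;K20\nC;X1;Y3;K30;ESUM(R1C1:R2C1)\nE\n",
    "autorun_name": "ID;P\nNN;NAuto_open;ER1C1\nE\n",
    "macro_call": 'ID;P\nC;X1;Y1;K0;EEXEC("PLACEHOLDER")\nE\n',
    "not_sylk": 'a,b\nEXEC("PLACEHOLDER")\n',
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, triage_slk(text))
```

The check keys on file content rather than the extension, so a SYLK file renamed to another extension is parsed the same way.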
Bonus
Note that the payload file could also be saved as a .csv, though this triggers an additional warning:
References