Presented at Bsides Manchester 2017
Demo of overlooked built in functionality that can be used to bypass Cisco Ironport, Symantec email security cloud, McAfee email gateway and Clearswift email gateways
16. Object Linking and Embedding
(OLE) is a proprietary technology
developed by Microsoft that allows
embedding and linking to
documents and other objects.
205. Conclusion: My theory and practical
experience was that AV vendors are
looking at the templates rather than
the shellcode itself.
https://www.blackhillsinfosec.com/modifying-
metasploit-x64-template-for-av-evasion/