Amr Elkhawas

Threat Researcher at Avira

Security Attacks and Solutions

Session Title | A 27-year-old feature coming back to haunt us.

Office documents.. although the use of these files is inevitable, the changing dynamic of the files are making it more and more attractive to attackers everywhere. First, the use of VBA Macros to arm these files; enabling them to act as a first stage downloader and when that vector was thwarted by antivirus companies, the age of exploit-based office malware emerged. Nonetheless, prevention of these attacks are now covered by most antiviruses but it has been recently observed that hackers are using new techniques to leverage their attacks. These techniques are not based on an exploit or vulnerability but rather a feature that is over 27 years old. This feature is called Excel 4.0 (XLM macros).

Watch Video

  • Amr is an experienced security consultant, holding a Master's degree from Nile University in Information Security and his main topics of research are Digital Forensics and Malware Analysis. He is currently working as a Threat Researcher at Avira.