[APAC] Dissecting How Follina Tricks Word Into Running Arbitrary Code

Presented by

Brian Coulson, Dan Kaiser, and Randy Franklin Smith

About this talk

In this webinar, you’ll see how Follina works starting with an innocently looking Word “document” that has no macros. Thankfully this particular zero-day is patched. We will also discuss strategic methods for dealing with the risk of Office documents and all the other highly functional content users open and process every day. As just one example of the defense scenarios we will explore is the highly effective method of analyzing parent-child processes. But there’s plenty of other detection controls to consider. Threat researchers Brian Coulson and Dan Kaiser, from LogRhythm, will be joining me and they will take us through the detection mitigations they have developed for Follina and we’ll discuss how to extend them to as yet undiscovered attacks.

Related topics:

More from this channel

Upcoming talks (3)
On-demand talks (208)
Subscribers (68542)
LogRhythm helps busy and lean security operations teams save the day—day after day. There’s a lot riding on the shoulders of security professionals—the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources—the weight of protecting the world. LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps.