:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.
This repository contains an example of a VBA macro spawning a process with a spoofed parent and command line. Companion blog post: Building an Office macro to spoof parent processes and command line arguments
Click for full size.
The 32-bit initial PoC was written and tested by myself, on Windows 10 with Office Professional Plus 2016, version 1902.
The 64-bit version is a contribution brought by @py7hagoras.
The size of the original command line stored in originalCli
needs to be greater than the size of the real one stored in cmdStr
You are solely responsible for the use you make of this PoC. I assume no liability for any misuse or damage caused by this program.