250k points Registered user
There are various approaches to detecting weaponized documents.
Approaches to detecting weaponized documents:
Heuristics that evaluate the macros or Visual Basic Scripts in the document, as part of static analysis by using a file scanner.
Behavior monitoring of the file being executed in a sandbox or emulator.
Lockdown tools that prevent the use of PowerShell WScript, CScript, and so on.
Context-aware run time behavior monitoring, that can detect a malicious combination of activity, like a when a word document from an email is opened, it runs WScript or PowerShell to download and install another executable.
However, while testing, it is important to understand how the attack was blocked, as much as finding out if the attack was blocked.
Get access to your account and question