What is BlackLeaf?


BlackLeaf is software intended for pentesting and/or monitoring, not for any illegal purpose. BlackLeaf comprises several components. The user-mode DLL component is the only one that has to be present on the target's machine. To achieve this, the DLL should be installed by any means, including:

  • Manual modification of the registry and hard disk (requires physical access)
  • Remote installation using a specially developed program that silently drops and runs all the required components (this program is included)

We can see in the picture above that, once the BlackLeaf client (a single DLL) has been installed on the target's machine, it sends, in real time, every document opened in Microsoft Word to a remote server.

BlackLeaf supports HTTPS for sending the documents; using this option is highly recommended. A valid certificate is not needed at all.



BlackLeaf demo from Ruben on Vimeo.

Features:
  • Point-and-click configuration.
  • Works on Word XP, 2003 and 2007.
  • Works on Windows 2000, XP, 2003, 2008, Vista and Windows 7.
  • You just need web hosting where the files will be uploaded.
  • Bypasses Word's password protection. You receive the document unprotected.
  • Bypasses Kaspersky IS 2009, Symantec Norton 360 2.0 and McAfee IS 2009, among others.
  • Files are identified by a customizable identification number to distinguish their source.
  • Obtains the exact location from where the document was opened.
  • Requires admin privileges.