Today I created a test Word document with a macro that tries to reverse connect out to a C2 server controlled by me. The idea was to use it to test our firewall's capability to inspect protocols on certain ports.
I was positive that this would fail, but provide us with good data for designing alerts.
It did not fail. Full reverse shell with very little indication on our firewalls.
Guess what I'm doing tomorrow? 😓