1. Introduction
2. Office Online Server
3. Questions
4. Why Excel
5. Oneshot exploits
6. Formulas
7. My experience
8. Text join
9. Analysis
10. Exploit
11. Constraints
12. Memory Leak
13. Scenario
14. Cross Fingers
15. Undo
16. Workarounds
17. String Package
18. Checking all formulas
19. Graphs and charts
20. Read primitive
21. Onprem
22. Demo
23. Is it possible
24. QA
Description:
Explore an in-depth analysis of exploiting Excel Online in this Black Hat conference talk. Delve into the discovery and exploitation of an integer overflow vulnerability (CVE-2018-8331) in the fnConcatenate formula. Learn how Excel formulas can be chained together to achieve remote code execution on the Office Web Application server. Examine the challenges, constraints, and techniques involved in developing this exploit, including memory leaks, string manipulation, and formula analysis. Gain insights into the security implications for online applications and understand the unique perspective of the Microsoft Security Response Center. Discover the potential risks associated with malicious documents targeting online platforms and the complexities of attacking Office Web Application servers.

Exploiting Excel Online

Black Hat