Presented at BruCON 0x08 (2016), Oct. 28, 2016, 10:30 a.m. (120 minutes).
In this workshop (2 hours), I explain how to use the tools (oledump, emldump, YARA rules, …) I developed to analyze (malicious) Microsoft Office documents.
I have around 30 exercises that explain step by step how to analyze malicious Office documents with my Python tools. Microsoft Office is not required for the analysis.
Presenters:
- Didier Stevens
Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is an IT Security Consultant (Contraste Europe) currently working at a large Belgian financial corporation. Didier started his own company in 2012 to provide IT security training services (http://DidierStevensLabs.com). You can find his open source security tools on his IT security related blog at http://blog.DidierStevens.com.