Methods for analyzing malicious Office documents

Presented at REcon 2008, June 13, 2008, 11:30 a.m. (60 minutes)

In the last couple years, there has been a lot of press coverage on targeted attacks and Office documents; however, there is a lack of technical information on these attacks (i.e., attack and defense mechanisms). This talk aims to provide: 1) methods for parsing Office documents; 2) structure of a malicious Office document; 3) techniques of analyzing malicious Office documents; and 4) techniques to detect the malicious documents on the wire.

Presenters:

• Bruce Dang
  Bruce Dang is a Security Software Engineer in the Secure Windows Initiative group (SWI) at Microsoft; his daily responsibilities include helping customers and dealing with software vulnerabilities. Prior to joining Microsoft, he performed incident response, malware analysis, and tools development for large companies.

Links:

• https://recon.cx/2008/speakers.html#office
• https://infocon.org/cons/REcon/REcon 2008/REcon 2008 videos/Bruce Dang-Methods for analyzing malicious Office documents.mp4
• https://recon.cx/2008/a/bruce_dang/recon08_final.zip

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Malicious Office Doc Analysis for EVERYONE!
• DerbyCon 8.0 Evolution (2018) / The MS Office Magic Show
• BruCON 0x08 (2016) / Analyzing Malicious Office Documents Workshop