A Deep Dive Into Malicious Documents
Hack In The Box Security Conference via YouTube
AI, Data Science & Cloud Certificates from Google, IBM & Meta
Live Online Classes in Design, Coding & AI — Small Classes, Free Retakes
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Dive deep into the world of malicious documents in this comprehensive conference talk from HITB2018AMS CommSec. Explore the anatomy of attacks leveraging Office documents, learn to analyze macros using Oledump and the Office IDE, and master debugging techniques. Uncover macro obfuscation methods and their use of Windows API, while understanding the social engineering aspects that ensure successful delivery. Examine the use of forms to store secondary content, including embedded executables and shellcode. Discover techniques for staging and executing shellcode, with a focus on process hollowing. Investigate macro utilization of PowerShell and VB Scripts, and explore creative ways to deobfuscate code. Learn about code execution without macros and attacks targeting OSX. Gain insights into the prevalence of Office documents in malware distribution attacks and prepare yourself to tackle any malicious document encountered in the wild.
Syllabus
Intro
Social Engineering and MACROS
Basic Concept of Operations
oledump
Office IDE
Debugging
Runtime Analysis
Sometimes Encounter Passwords
Social Engineering abounds
Embedded Content
Obfuscation
Windows API
Shellcode
process hollowing - DEMO
powershell
Taught by
Hack In The Box Security Conference