Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Video: Malformed .docm File SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Video: Malformed .docm File

In diary entry "Obfuscated with a Simple 0x0A", Xavier discovers that a .docm file is a malformed ZIP file.

In the following video, I show how this file is malformed:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

498 Posts
ISC Handler
Apr 26th 2020

Sign Up for Free or Log In to start participating in the conversation!