I created a video for the analysis I described in my last diary entry, "Simple Analysis Of A CVE-2021-40444 .docx Document". In that video I also cover another sample that is a bit harder to analyze (and has much lower detection rates on VT). Note that I always make sure that you can find the samples I analyze on Malware Bazaar too. And here is the InQuest blog post I mention in the video: "Microsoft MSHTML Remote Code Execution Vulnerability". The tools I use in this video are zipdump.py, re-search.py and xmldump.py.
Didier Stevens
ISC Handler, Sep 19th 2021