Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: rtfdump - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
rtfdump

rtfdump is a tool I developed to help me analyze (malicious) RTF files. If you just want to extract embedded objects from RTF files, you can use rtfobj. But if you want to perform more analysis, you can use rtfdump. For example, it supports YARA rules.

To familiarize you with rtf files and their analysis, I made 3 videos.

An intro video.

A video analyzing RTF maldoc (MD5 07884483f95ae891845caf0d50ce507f) that contains an exploit for MS12-027 CVE-2012-0158.

And a video analyzing RTF maldoc (MD5 4483ad299158eb54f6ff58b5346a36ee) that contains an exploit for MS10-087 CVE-2010-3333.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

372 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!