
SANS ISC: Diaries by Keyword

Date | Author | Title
2019-09-30 | Didier Stevens | Maldoc, PowerShell & BITS
2019-09-29 | Didier Stevens | Encrypted Maldoc, Wrong Password
2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc
2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts
2019-07-06 | Didier Stevens | Malicious XSL Files
2019-07-05 | Didier Stevens | A "Stream O" Maldoc
2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms
2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell!
2019-05-01 | Didier Stevens | VBA Office Document: Which Version?
2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code
2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader
2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently?
2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend
2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend
2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents
2019-01-11 | Didier Stevens | Quick Maldoc Analysis
2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents
2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode
2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc
2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample
2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit
2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe
2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed?
2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe
2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR
2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with translate.py
2018-09-30 | Didier Stevens | When DOSfuscation Helps...
2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis
2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools
2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation
2018-06-17 | Didier Stevens | Encrypted Office Documents
2018-02-18 | Didier Stevens | Finding VBA signatures in .docm files
2018-02-12 | Didier Stevens | Analyzing compressed shellcode
2018-02-11 | Didier Stevens | Finding VBA signatures in Word documents
2018-02-09 | Didier Stevens | An autograph from the Dridex gang
2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet
2018-01-28 | Didier Stevens | Is this a pentest?
2018-01-20 | Didier Stevens | An RTF phish
2018-01-15 | Didier Stevens | Decrypting malicious PDFs with the key
2018-01-14 | Didier Stevens | Peeking into Excel files
2018-01-02 | Didier Stevens | PDF documents & URLs: video
2017-12-31 | Didier Stevens | Analyzing TNEF files
2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files
2017-12-24 | Didier Stevens | PDF documents & URLs: update
2017-12-23 | Didier Stevens | Encrypted PDFs
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-12-18 | Didier Stevens | Phish or scam? - Part 2
2017-12-17 | Didier Stevens | Phish or scam? - Part 1
2017-12-09 | Didier Stevens | Sometimes it's a dud
2017-11-06 | Didier Stevens | Metasploit's Maldoc
2017-11-05 | Didier Stevens | Extracting the text from PDF documents
2017-11-04 | Didier Stevens | PDF documents & URLs
2017-09-10 | Didier Stevens | It is a resume - Part 3
2017-08-20 | Didier Stevens | It's Not An Invoice ...
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed
2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc
2017-07-15 | Didier Stevens | Office maldoc + .lnk
2017-07-10 | Didier Stevens | Basic Office maldoc analysis
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique
2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News
2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26 | Didier Stevens | CRA Maldoc Analysis
2016-12-24 | Didier Stevens | Pinging All The Way
2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep
2016-12-05 | Didier Stevens | Hancitor Maldoc Videos
2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10
2016-11-12 | Didier Stevens | VBA Shellcode and EMET
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video
2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis
2016-09-26 | Didier Stevens | VBA and P-code
2016-08-06 | Didier Stevens | rtfdump
2016-07-30 | Didier Stevens | rtfobj
2016-07-29 | Didier Stevens | Malicious RTF Files
2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later...
2016-03-29 | Didier Stevens | VBE: Encoded VBS Script
2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc
2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper
2015-12-26 | Didier Stevens | Malfunctioning Malware
2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick
2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader!
2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So...
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin
2015-03-30 | Didier Stevens | YARA Rules For Shellcode
2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection