Reversing Malicious Office Document (Macro) Emotet(?)
103 views - 6 years ago
OLEVBA - https://github.com/decalage2/oletools/wiki/olevba
1:58 - Extract Macro with olevba
2:40 - ExifTool to examine Document Metadata (Comments used in Macro)
3:48 - Examining Macro Code
4:21 - Using Python to explain Right(Left())
7:20 - Opening ProcMon
9:07 - Why you should be careful when executing portions of "bad code"
9:55 - Viewing Macros in Word and Deobfuscating by changing Shell to Print
12:17 - Start of Obfuscated PowerShell (after de-base64)
13:21 - Malicious PowerShell Code
16
Published on 1397/11/16.