Diaries by Keyword - SANS Internet Storm Center

Date	Author	Title
2019-08-15	Didier Stevens	Analysis of a Spearphishing Maldoc
2019-07-28	Didier Stevens	Video: Analyzing Compressed PowerShell Scripts
2019-07-06	Didier Stevens	Malicious XSL Files
2019-07-05	Didier Stevens	A "Stream O" Maldoc
2019-07-01	Didier Stevens	Maldoc: Payloads in User Forms
2019-05-28	Didier Stevens	Office Document & BASE64? PowerShell!
2019-05-01	Didier Stevens	VBA Office Document: Which Version?
2019-04-27	Didier Stevens	Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-23	Didier Stevens	Malicious VBA Office Document Without Source Code
2019-03-31	Didier Stevens	Maldoc Analysis of the Weekend by a Reader
2019-03-25	Didier Stevens	"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23	Didier Stevens	"VelvetSweatshop" Maldocs
2019-03-17	Didier Stevens	Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16	Didier Stevens	Maldoc: Excel 4.0 Macros
2019-02-27	Didier Stevens	Maldoc Analysis by a Reader
2019-02-17	Didier Stevens	Video: Finding Property Values in Office Documents
2019-02-16	Didier Stevens	Finding Property Values in Office Documents
2019-02-11	Didier Stevens	Have You Seen an Email Virus Recently?
2019-02-10	Didier Stevens	Video: Maldoc Analysis of the Weekend
2019-02-09	Didier Stevens	Maldoc Analysis of the Weekend
2019-01-26	Didier Stevens	Video: Analyzing Encrypted Malicious Office Documents
2019-01-11	Didier Stevens	Quick Maldoc Analysis
2019-01-07	Didier Stevens	Analyzing Encrypted Malicious Office Documents
2019-01-02	Didier Stevens	Maldoc with Nonfunctional Shellcode
2018-12-29	Didier Stevens	Video: De-DOSfuscation Example
2018-12-17	Didier Stevens	Password Protected ZIP with Maldoc
2018-12-12	Didier Stevens	Yet Another DOSfuscation Sample
2018-12-03	Didier Stevens	Word maldoc: yet another place to hide a command
2018-11-26	Russ McRee	ViperMonkey: VBA maldoc deobfuscation
2018-11-23	Didier Stevens	Video: Dissecting a CVE-2017-11882 Exploit
2018-11-10	Didier Stevens	Video: CyberChef: BASE64/XOR Recipe
2018-11-02	Didier Stevens	TriJklcj2HIUCheDES decryption failed?
2018-10-16	Didier Stevens	CyberChef: BASE64/XOR Recipe
2018-10-13	Didier Stevens	Maldoc: Once More It's XOR
2018-10-01	Didier Stevens	Decoding Custom Substitution Encodings with translate.py
2018-09-30	Didier Stevens	When DOSfuscation Helps...
2018-08-25	Didier Stevens	Microsoft Publisher malware: static analysis
2018-08-05	Didier Stevens	Video: Maldoc analysis with standard Linux tools
2018-07-30	Didier Stevens	Malicious Word documents using DOSfuscation
2018-06-17	Didier Stevens	Encrypted Office Documents
2018-02-18	Didier Stevens	Finding VBA signatures in .docm files
2018-02-12	Didier Stevens	Analyzing compressed shellcode
2018-02-11	Didier Stevens	Finding VBA signatures in Word documents
2018-02-09	Didier Stevens	An autograph from the Dridex gang
2018-02-02	Xavier Mertens	Simple but Effective Malicious XLS Sheet
2018-01-28	Didier Stevens	Is this a pentest?
2018-01-20	Didier Stevens	An RTF phish
2018-01-15	Didier Stevens	Decrypting malicious PDFs with the key
2018-01-14	Didier Stevens	Peeking into Excel files
2018-01-02	Didier Stevens	PDF documents & URLs: video
2017-12-31	Didier Stevens	Analyzing TNEF files
2017-12-25	Didier Stevens	Dealing with obfuscated RTF files
2017-12-24	Didier Stevens	PDF documents & URLs: update
2017-12-23	Didier Stevens	Encrypted PDFs
2017-12-19	Xavier Mertens	Example of 'MouseOver' Link in a Powerpoint File
2017-12-18	Didier Stevens	Phish or scam? - Part 2
2017-12-17	Didier Stevens	Phish or scam? - Part 1
2017-12-09	Didier Stevens	Sometimes it's a dud
2017-11-06	Didier Stevens	Metasploit's Maldoc
2017-11-05	Didier Stevens	Extracting the text from PDF documents
2017-11-04	Didier Stevens	PDF documents & URLs
2017-09-10	Didier Stevens	It is a resume - Part 3
2017-08-20	Didier Stevens	It's Not An Invoice ...
2017-08-17	Xavier Mertens	Maldoc with auto-updated link
2017-08-10	Didier Stevens	Maldoc Analysis with ViperMonkey
2017-07-29	Didier Stevens	Maldoc Submitted and Analyzed
2017-07-28	Didier Stevens	Static Analysis of Emotet Maldoc
2017-07-15	Didier Stevens	Office maldoc + .lnk
2017-07-10	Didier Stevens	Basic Office maldoc analysis
2017-04-28	Xavier Mertens	Another Day, Another Obfuscation Technique
2017-04-23	Didier Stevens	Malicious Documents: A Bit Of News
2017-04-21	Xavier Mertens	Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05	Didier Stevens	Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26	Didier Stevens	CRA Maldoc Analysis
2016-12-24	Didier Stevens	Pinging All The Way
2016-12-10	Didier Stevens	Sleeping VBS Really Wants To Sleep
2016-12-05	Didier Stevens	Hancitor Maldoc Videos
2016-11-18	Didier Stevens	VBA Shellcode and Windows 10
2016-11-12	Didier Stevens	VBA Shellcode and EMET
2016-10-17	Didier Stevens	Maldoc VBA Anti-Analysis: Video
2016-10-16	Didier Stevens	Analyzing Office Maldocs With Decoder.xls
2016-10-15	Didier Stevens	Maldoc VBA Anti-Analysis
2016-09-26	Didier Stevens	VBA and P-code
2016-08-06	Didier Stevens	rtfdump
2016-07-30	Didier Stevens	rtfobj
2016-07-29	Didier Stevens	Malicious RTF Files
2016-07-19	Didier Stevens	Office Maldoc: Let's Focus on the VBA Macros Later...
2016-03-29	Didier Stevens	VBE: Encoded VBS Script
2016-02-21	Didier Stevens	Tip: Quick Analysis of Office Maldoc
2016-01-11	Didier Stevens	BlackEnergy .XLS Dropper
2015-12-26	Didier Stevens	Malfunctioning Malware
2015-11-21	Didier Stevens	Maldoc Social Engineering Trick
2015-09-19	Didier Stevens	Don't launch that file Adobe Reader!
2015-08-26	Didier Stevens	PDF + maldoc1 = maldoc2
2015-05-15	Didier Stevens	Another Maldoc? I'm Afraid So...
2015-05-09	Didier Stevens	Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10	Didier Stevens	The Kill Chain: Now With Pastebin
2015-03-30	Didier Stevens	YARA Rules For Shellcode
2015-03-14	Didier Stevens	Maldoc VBA Sandbox/Virtualization Detection