Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title
2018-06-17Didier StevensEncrypted Office Documents
2018-04-21Didier StevensA malicious word document with a VBA form - video
2018-04-16Didier StevensA malicious word document with a VBA form
2018-04-02Didier StevensPhishing PDFs with multiple links - Detection
2018-04-01Didier StevensPhishing PDFs with multiple links - Animated GIF
2018-03-31Didier StevensPhishing PDFs with multiple links
2018-03-24Didier Stevens"Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence."
2018-02-18Didier StevensFinding VBA signatures in .docm files
2018-02-12Didier StevensAnalyzing compressed shellcode
2018-02-11Didier StevensFinding VBA signatures in Word documents
2018-02-09Didier StevensAn autograph from the Dridex gang
2018-02-02Xavier MertensSimple but Effective Malicious XLS Sheet
2018-01-28Didier StevensIs this a pentest?
2018-01-20Didier StevensAn RTF phish
2018-01-15Didier StevensDecrypting malicious PDFs with the key
2018-01-14Didier StevensPeeking into Excel files
2018-01-02Didier StevensPDF documents & URLs: video
2017-12-31Didier StevensAnalyzing TNEF files
2017-12-25Didier StevensDealing with obfuscated RTF files
2017-12-24Didier StevensPDF documents & URLs: update
2017-12-23Didier StevensEncrypted PDFs
2017-12-19Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-18Didier StevensPhish or scam? - Part 2
2017-12-17Didier StevensPhish or scam? - Part 1
2017-12-09Didier StevensSometimes it's a dud
2017-11-06Didier StevensMetasploit's Maldoc
2017-11-05Didier StevensExtracting the text from PDF documents
2017-11-04Didier StevensPDF documents & URLs
2017-09-10Didier StevensIt is a resume - Part 3
2017-08-20Didier StevensIt's Not An Invoice ...
2017-08-17Xavier MertensMaldoc with auto-updated link
2017-08-10Didier StevensMaldoc Analysis with ViperMonkey
2017-07-29Didier StevensMaldoc Submitted and Analyzed
2017-07-28Didier StevensStatic Analysis of Emotet Maldoc
2017-07-15Didier StevensOffice maldoc + .lnk
2017-07-10Didier StevensBasic Office maldoc analysis
2017-04-28Xavier MertensAnother Day, Another Obfuscation Technique
2017-04-23Didier StevensMalicious Documents: A Bit Of News
2017-04-21Xavier MertensAnalysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05Didier StevensAnother example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26Didier StevensCRA Maldoc Analysis
2016-12-24Didier StevensPinging All The Way
2016-12-10Didier StevensSleeping VBS Really Wants To Sleep
2016-12-05Didier StevensHancitor Maldoc Videos
2016-11-18Didier StevensVBA Shellcode and Windows 10
2016-11-12Didier StevensVBA Shellcode and EMET
2016-10-17Didier StevensMaldoc VBA Anti-Analysis: Video
2016-10-16Didier StevensAnalyzing Office Maldocs With Decoder.xls
2016-10-15Didier StevensMaldoc VBA Anti-Analysis
2016-09-26Didier StevensVBA and P-code
2016-08-06Didier Stevensrtfdump
2016-07-30Didier Stevensrtfobj
2016-07-29Didier StevensMalicious RTF Files
2016-07-19Didier StevensOffice Maldoc: Let's Focus on the VBA Macros Later...
2016-03-29Didier StevensVBE: Encoded VBS Script
2016-02-21Didier StevensTip: Quick Analysis of Office Maldoc
2016-01-11Didier StevensBlackEnergy .XLS Dropper
2015-12-26Didier StevensMalfunctioning Malware
2015-11-21Didier StevensMaldoc Social Engineering Trick
2015-09-19Didier StevensDon't launch that file Adobe Reader!
2015-08-26Didier StevensPDF + maldoc1 = maldoc2
2015-05-15Didier StevensAnother Maldoc? I'm Afraid So...
2015-05-09Didier StevensMalicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10Didier StevensThe Kill Chain: Now With Pastebin
2015-03-30Didier StevensYARA Rules For Shellcode
2015-03-14Didier StevensMaldoc VBA Sandbox/Virtualization Detection