Malicious Office Doc Analysis for EVERYONE! - Doug Burns Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)


Are you analyzing the malicious Office documents that your users dutifully send to you daily, or are you satisfied with just throwing them on VirusTotal and hoping for the best? In this talk I'll discuss why you should be manually analyzing ALL documents that make it through your email filters. You don't need a full-time malware analyst just to do some cursory investigation. In this talk I'll show you how to analyze malicious Office docs so you can quickly triage the threat. Are you blocking the delivery URLs? Does your A/V detect the second stage? Was this a targeted attack against your organization, or just a shotgun blast that you got caught in? I will present a methodology for getting quick information from the document, share some tools I've found which make the job easier, and introduce some quick wins to decrease your overall malware volume.
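As an added example (not code from the talk, the speaker or Irongeek.com), the script below does the kind of cursory first pass the abstract argues every defender can do on a document before or alongside a VirusTotal lookup: hash the file, detect whether an OOXML container carries a VBA project, pull out the external relationship targets and any URLs embedded in the parts (the delivery URLs you would want to block), and flag the file for manual review. The sample document, the `example.invalid` URLs and the function names are constructed for this illustration; the abstract does not say which checks the speaker's methodology uses, so this is only one plausible first step, not his method. Legacy OLE files (.doc, .xls) are recognised by their header but not parsed here; those need an OLE parser such as oletools' olevba.

```python
"""Offline first-pass triage of an Office document in the OOXML (zip) container.

Added example for this page; not code from the talk or from Irongeek.com.
Only the triage questions from the abstract are assumed: which hash to look up,
whether macros are present, and which delivery URLs would need blocking.
"""
import hashlib
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"       # legacy Compound File (OLE) header
URL_RE = re.compile(rb"(?:https?|ftp)://[^\s\"'<>]+", re.IGNORECASE)
# Every OOXML part is full of XML namespace and relationship-type URIs on these
# hosts; without filtering them out the URL list is pure noise.
NOISE_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
               "www.w3.org", "purl.org"}


def _host(url: str):
    """Hostname of a URL, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def triage(data: bytes) -> dict:
    """Return a small triage report for one document supplied as bytes."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "container": "unknown",
              "has_vba": False, "external_targets": [], "urls": [],
              "needs_manual_review": False}
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        report["container"] = "ole"
        report["needs_manual_review"] = True
        return report
    if not data.startswith(b"PK\x03\x04"):
        return report
    report["container"] = "ooxml"
    urls, external = set(), set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.lower().endswith("vbaproject.bin"):
                report["has_vba"] = True            # macro-enabled document
            if name.lower().endswith(".rels"):
                # Relationship parts declare where external links/templates point.
                try:
                    for rel in ET.fromstring(blob).iter():
                        if rel.tag.endswith("Relationship") and rel.get("TargetMode") == "External":
                            external.add(rel.get("Target"))
                except ET.ParseError:
                    pass                             # malformed part: still shows up in the URL scan
            for match in URL_RE.findall(blob):
                url = match.decode("utf-8", "replace")
                if _host(url) not in NOISE_HOSTS:
                    urls.add(url)
    report["urls"] = sorted(urls)
    report["external_targets"] = sorted(external)
    report["needs_manual_review"] = bool(report["has_vba"] or external or urls)
    return report


def build_sample_docx(malicious: bool = True) -> bytes:
    """Constructed sample document for the demo (not a real malware sample)."""
    ns_main = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    ns_rel = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    text = ("Invoice attached. Retrieve it from http://example.invalid/dl/invoice.doc"
            if malicious else "Quarterly report.")
    document_xml = (f'<?xml version="1.0" encoding="UTF-8"?><w:document xmlns:w="{ns_main}" '
                    f'xmlns:r="{ns_rel}"><w:body><w:p><w:r><w:t>{text}</w:t></w:r></w:p>'
                    f'</w:body></w:document>')
    rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships '
            'xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')
    if malicious:
        rels += (f'<Relationship Id="rId9" Type="{ns_rel}/hyperlink" '
                 'Target="http://example.invalid/dl/stage2.exe" TargetMode="External"/>')
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Stripped-down content types part; enough for the container to be a zip.
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types '
                    'xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels)
        if malicious:
            # Placeholder bytes standing in for a VBA project stream, not real macro code.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("suspicious", build_sample_docx()),
                       ("clean", build_sample_docx(malicious=False))):
        print(label, triage(doc))
```

The report's `sha256` is the value to look up before uploading anything, `external_targets` and `urls` are the candidates for your URL block list, and `has_vba` answers the first question of the abstract's triage. Documents that come back `needs_manual_review` still need a human (or olevba) to look at the actual macro; this pass only decides which ones are worth that time.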

Doug Burns is the Swiss Army knife of infosec folks: lots of abilities, but he doesn't perform any of them as well as a specialist in the field. He holds several industry certifications and is currently pursuing a Master's in Cybersecurity and Information Assurance. He has worked for everything from Fortune 100 companies down to a 20-person ISP and everything in between. His primary interests lie in malware analysis, red teaming and security awareness.

Doug = @dougsec


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast