In this post I’ll describe an approach for leveraging Excel to dump dynamically created shellcode from a macro. I’m always looking for new challenges for our team that they can solve in slow times. During my research I stumbled upon a nice sample in @0xffff0800’s malware archive (Find […]
Tag: Reverse Engineering
Quick Office Document Triage
As people quite frequently ask me how I triage potentially malicious Microsoft Office documents, I decided to run through a quick analysis here. Our specimen for this tutorial is a Word document from the malware collection published by @0xffff0800 on http://iec56w4ibovnb4wc.onion (URL might change. Check current address at 0day.coffee). @0xffff0800 attributes the […]