- New IE 0-day in the wild
- A malicious word document with a VBA form - video
- A malicious word document with a VBA form
- Metasploit's Payload UUID
- Phishing PDFs with multiple links - Detection
- Phishing PDFs with multiple links - Animated GIF
- Phishing PDFs with multiple links
- "Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence."
- Wireshark and USB
- Retrieving malware over Tor on Windows
- Analyzing MSI files
- Finding VBA signatures in .docm files
- Analyzing compressed shellcode
- Finding VBA signatures in Word documents
- An autograph from the Dridex gang
- Analyzing an HTA file: Update
- Analyzing an HTA file
- Comment your Packet Captures - Extra!
- Is this a pentest?
- HTTPS on every port?
- Retrieving malware over Tor
- An RTF phish
- Decrypting malicious PDFs with the key
- Peeking into Excel files
- PDF documents & URLs: video
- What is new?
- Analyzing TNEF files
- Dealing with obfuscated RTF files
- PDF documents & URLs: update
- Encrypted PDFs
- Phish or scam? - Part 2
- Phish or scam? - Part 1
- Sometimes it's a dud
- BTC Pickpockets
- Metasploit's Maldoc
- Extracting the text from PDF documents
- PDF documents & URLs
- PE files and debug info
- Remember ACE files?
- It's in the signature.
- Peeking into .msg files
- A strange JPEG file
- It is a resume - Part 3
- Analyzing JPEG files
- Malware analysis output sanitization
- It is a resume - Part 2
- It is a resume - Part 1
- Malware analysis: searching for dots
- It's Not An Invoice ...
- Sometimes it's just SPAM
- The Good Phishing Email
- Maldoc Analysis with ViperMonkey
- Maldoc Submitted and Analyzed
- Static Analysis of Emotet Maldoc
- Another .lnk File
- Malicious .iso Attachments
- Office maldoc + .lnk
- Basic Office maldoc analysis
- Selecting domains with random names
- PE Section Name Descriptions
- Malware and XOR - Part 2
- Malware and XOR - Part 1
- Malicious Documents: A Bit Of News
- Password History: Insights Shared by a Reader
- Domain Whitelisting With Alexa and Umbrella Lists - update
- Domain Whitelisting With Alexa and Umbrella Lists
- Another example of maldoc string obfuscation, with extra bonus: UAC bypass
- CRA Maldoc Analysis
- py2exe Decompiling - Part 2
- py2exe Decompiling - Part 1
- Pinging All The Way
- Sleeping VBS Really Wants To Sleep
- Hancitor Maldoc Videos
- Extracting Shellcode From JavaScript
- Update:ZIP With Comment
- ZIP With Comment
- VBA Shellcode and Windows 10
- VBA Shellcode and EMET
- Hancitor Maldoc Bypasses Application Whitelisting
- Maldoc VBA Anti-Analysis: Video
- Analyzing Office Maldocs With Decoder.xls
- Maldoc VBA Anti-Analysis
- Radare2: rahash2
- VBA and P-code
- .PUB Analysis
- rtfdump
- rtfobj
- Malicious RTF Files
- Python Malware - Part 4
- Practice ntds.dit File
- Office Maldoc: Let's Focus on the VBA Macros Later...
- Python Malware - Part 3
- Python Malware - Part 2
- Python Malware - Part 1
- VBS + VBE
- Handling Malware Samples
- VBE: Encoded VBS Script
- Tip: Quick Analysis of Office Maldoc
- Locky: JavaScript Deobfuscation
- Obfuscated MIME Files
- Sigcheck and VirusTotal for Offline Machine
- BlackEnergy .XLS Dropper
- A Tip For The Analysis Of MIME Files
- Failure Is An Option
- Malfunctioning Malware
- Use The Privilege
- Maldoc Social Engineering Trick
- Ransomware & Entropy: Your Turn -> Solution
- Ransomware & Entropy: Your Turn
- Ransomware & Entropy
- Don't launch that file Adobe Reader!
- Test File: PDF With Embedded DOC Dropping EICAR
- PDF + maldoc1 = maldoc2
- Sigcheck and virustotal-search
- Searching Through the VirusTotal Database
- Sigcheck and VirusTotal
- Autoruns and VirusTotal
- Process Explorer and VirusTotal
- Jump List Files Are OLE Files
- Working with base64
- A .BUP File Is An OLE File
- Analyzing Quarantine Files
- The EICAR Test File
- Another Maldoc? I'm Afraid So...
- Wireshark TCP Flags: How To Install On Windows Video
- Malicious Word Document: This Time The Maldoc Is A MIME File
- A Malicious Word Document Inside a PDF Document
- Handling Special PDF Compression Methods
- Memory Forensics Of Network Devices
- The Kill Chain: Now With Pastebin
- Wireshark TCP Flags
- VMware Product Updates Address Critical Information Disclosure Issue In JRE
- SSH Fingerprints Are Important
- YARA Rules For Shellcode
- Malicious XML: Matryoshka Edition
- From PEiD To YARA
- Maldoc VBA Sandbox/Virtualization Detection
- XML: A New Vector For An Old Trick
Threat Level: green
Handler on Duty: Johannes Ullrich
SANS ISC: ISC Handlers - SANS Internet Storm Center ISC Handlers
Questions? Feedback?
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
