
Security: documentation, conferences, etc.


Analyzing Malicious Documents Cheat Sheet by Lenny Zeltser.

This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.

General Approach

Locate potentially malicious embedded code, such as shellcode, VBA macros, or JavaScript.
Extract suspicious code segments from the file.
If relevant, disassemble and/or debug shellcode.
If relevant, deobfuscate and examine JavaScript, ActionScript, or VB macro code.

Microsoft Office Binary File Format Notes

Structured Storage (OLE SS) defines a file system inside the binary Microsoft Office file.
Data can be “storage” (folder) and “stream” (file).
Excel stores data inside the “workbook” stream.
PowerPoint stores data inside the “PowerPoint Document” stream.
Word stores data inside various streams.

Tools for Analyzing Microsoft Office Files

OfficeMalScanner locates shellcode and VBA macros from MS Office (DOC, XLS, and PPT) files.
pyOLEScanner.py can examine and decode some aspects of malicious binary Office files.

Securing Debian Manual - Introduction.

One of the hardest things about writing security documents is that every case is unique.


Two things you have to pay attention to are the threat environment and the security needs of the individual site, host, or network. For instance, the security needs of a home user are completely different from those of a network in a bank. While the primary threat a home user needs to face is the script kiddie type of cracker, a bank network has to worry about directed attacks. Additionally, the bank has to protect its customers' data with arithmetic precision. Note that this manual only covers issues relating to software. This document just gives an overview of what you can do to increase the security of your Debian GNU/Linux system.

1.1 Authors

The current maintainer of this document is Javier Fernández-Sanguino Peña.

Svn co.

Securing Debian Manual (French edition) - Introduction.