(Not) All She Wrote (Part 2): Rigged Office Documents (Part 2)

Hello paranoids. Following the previous post, I am now going to give an overview of the analysis process for exploits within Office documents. You see, while with PDFs you have a format and a reader (e.g. Adobe Reader), with Office you have lots of acceptable formats and a reader. For instance, Word 2013 is capable of handling …

(Not) All She Wrote (Part 2): Rigged Office Documents (Part 1)

Hello paranoids. Continuing our crusade through the world of malicious documents and following the previous post, I will now describe the approach for Office documents. One of the great things about these is that now we have a means to debug malicious code, which makes the job easier. Once more, I will start by overviewing the …

You allowed this remember?: Bypassing Office Macro Warnings by Leveraging Office’s Poor Memory

Hello paranoids. A couple of days ago I came across a peculiar behaviour involving Office macros. You are probably familiar with the "Enable Content" warning whenever you open a document containing a macro. In order to avoid asking the end-user for permission every time he opens the same document, the warning is disabled (i.e. …