Analyzing Malicious Office Documents with OLEDUMP

Microsoft Office documents are a common vehicle used by malware authors to deliver malware. Documents used for malicious purposes are commonly referred to as maldocs. While there have been a variety of ways in which they have been used, one of the more prevalent is through the use of macros. Macros are written in Visual Basic for Applications (VBA), which is well documented on the Microsoft Developer Network (MSDN). This API allows malware authors to hook into life-cycle events of a document, such as AutoOpen, AutoClose and AutoExit (MSDN), in order to achieve code execution with minimal interaction from…


Introduction to Web Programming

Many of these videos are from an introduction to web development course I taught at Dakota State University. Since I no longer teach them, I figured it would be beneficial to provide them here – either as a resource to my current students or to anyone that is just curious and looking for this information. Keep in mind that many of these videos were recorded in the context of a class – so there may be discussion that references the specifics of that particular course and may feel out of place if you’re just watching a single video. Web Development…


Introduction to C Programming

Learning C

This series of videos is from a computer science 2 course that used C for the programming language. This assumes the viewer is familiar with the basics of programming and builds off of that. The text used for this course can be found on Amazon. https://www.youtube.com/playlist?list=PLHJns8WZXCdvErvhlZXvpVIEKPfmDJt4z


Introduction to x86 Assembly

Many of these videos are from an introduction to assembly course I taught at Dakota State University. Since I no longer teach them, I figured it would be beneficial to provide them here – either as a resource to my current students or to anyone that is just curious and looking for this information. Keep in mind that many of these videos were recorded in the context of a class – so there may be discussion that references the specifics of that particular course and may feel out of place if you’re just watching a single video. Learning Assembly This…


ToorCon XX

I had the opportunity to give a talk on malware obfuscation techniques this weekend at ToorCon XX; my talk was titled “Following a Trail of Confusion”. Here is the abstract: Modern malware uses a wide variety of code obfuscation techniques to hide its true intentions and to avoid detection. In this talk, we’ll explore the latest in native code obfuscation techniques as well as a few techniques commonly used with interpreted languages. We will spend time discussing such methods as dynamically constructing import tables, hiding and using shellcode, packing, string obfuscation, use of virtual machines and other anti-analysis techniques. We’ll…
