Finding Usernames with Burp Extensions

What Does this Extension Do? This is a relatively simple Burp extension that I created a while back to learn more about how to actually create extensions. The functionality is straight-forward: it parses the HTML looking for email addresses. Additionally, it can generate usernames from the list of emails found. The ideal use case is when an website (or organization) uses first.last@organization.com format – as some combination of the first and last name will also serve as their username. For example, jane.doe@example.com may have the following usernames: jane.doe jdoe doej doe You can find a demonstration of this extension in…

Read more

Anti-Analysis in an Office Document

Please note: This was a blog post I originally authored for Bromium. Due to changes in how they host their blog content, it has fallen into the archives and become somewhat difficult to find. I’m posting this content here mainly as an archive. Office documents have been a favorite method of distribution for malware authors for several years. While most malware authors go to great lengths to hide the intention of their macros through obfuscation, it is seldom that I’ve encountered macros that also exhibit anti-analysis techniques. I recently examined an office document that contained such capabilities. You can find…

Read more

Identifying a User Form in an Office Document

In this post, we will be looking into ways to identify and analyze the presence of a user form in an office document. As I discussed in a previous post, user forms are often used to store resources needed by the malware author such as scripts (PowerShell, VBS), shellcode and strings. We will be using OLEDUMP to assist in our analysis and by the end of this post, you will be able to identify and trace the usage of user forms and their objects throughout macro code. For this analysis, we will be looking at the following malicious office document….

Read more

Analyzing Malicious Office Documents with OLEDUMP

Microsoft office documents are a common vehicle used by malware authors to deliver malware. These documents, used for malicious purposes, are commonly referred to as maldocs. While there has been a variety of ways in which they have been used, one of the more prevalent is through the use of macros. Macros are written in Visual Basic for Applications (VBA), which is well documented on the Microsoft Developer Network (MSDN). This API allows malware authors to hook into life-cycle events of a document, such as AutoOpen, AutoClose and AutoExit (MSDN) in order to achieve code execution with minimal interaction from…

Read more

Introduction to Web Programming

Many of these videos are from an introduction to web development course I taught at Dakota State University. Since I no longer teach them, I figured it would be beneficial to provide them here – either as a resource to my current students or to anyone that is just curious and looking for this information. Keep in mind that many of these videos were recorded in the context of a class – so there may be discussion that references the specifics of that particular course and may feel out of place if you’re just watching a single video. Web Development…

Read more