I gave a free 4-hour workshop as part of the Hack-in-the-Box (HITB) CyberWeek (November 15th, 2020). The focus of this workshop was on analyzing malicious Word and Excel documents:
Malicious Office documents continue to be an effective tool for threat actors to compromise their victims and gain access to an organization’s network. While these documents have been around for a while, malware authors continue to find effective ways of abusing functionality to minimize their detection. This year alone we have seen a resurgence of such techniques through the use of Excel 4 Macros and other creative ways to bypass detection. In this workshop, we will get hands-on with the latest Office-based threats to understand how they work, how to detect them and identify indicators of compromise. You will learn the tools and techniques to extract macros, tackle obfuscation and debug the code. This workshop will take you deep into malicious Office documents and the tools required to analyze them so that you can better defend your organization and its users.
The entirety of this workshop can be found on YouTube: