[SANS ISC] Video: Simple Analysis Of A CVE-2021-40444 .docx Document, (Sun, Sep 19th)

I created a video for the analysis I described in my last diary entry “Simple Analysis Of A CVE-2021-40444 .docx Document”.

I also cover another sample in that video, one that is a bit harder to analyze (and has much lower detection rates on VT).

Note that I always make sure that you can find the samples I analyze on Malware Bazaar too.

And here is the InQuest blog post I mention in the video: “Microsoft MSHTML Remote Code Execution Vulnerability”.

The tools I use in this video: zipdump.py, re-search.py and xmldump.py.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
