[SANS ISC] Video: Simple Analysis Of A CVE-2021-40444 .docx Document, (Sun, Sep 19th)

I created a video for the analysis I described in my last diary entry, “Simple Analysis Of A CVE-2021-40444 .docx Document”.

I also cover another sample in that video, one that is a bit harder to analyze (and has much lower detection rates on VT).

Note that I always make sure that you can find the samples I analyze on Malware Bazaar too.

And here is the InQuest blog post I mention in the video: “Microsoft MSHTML Remote Code Execution Vulnerability”.

The tools I use in this video: zipdump.py, re-search.py and xmldump.py.


Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
