Methods for analyzing malicious Office documents presented at REcon 2008

by Bruce Dang


Summary: In the last couple of years, there has been a lot of press coverage on targeted attacks and Office documents; however, there is a lack of technical information on these attacks (i.e., attack and defense mechanisms). This talk aims to provide:
1) methods for parsing Office documents;
2) structure of a malicious Office document;
3) techniques for analyzing malicious Office documents; and
4) techniques to detect the malicious documents on the wire.