Methods for analyzing malicious Office documents presented at REcon 2008

by Bruce Dang

URL: http://www.recon.cx/2008/a/bruce_dang/recon08_final.zip

Summary: In the last couple of years, there has been a lot of press coverage of targeted attacks and Office documents; however, there is a lack of technical information on these attacks (i.e., attack and defense mechanisms). This talk aims to provide:
1) methods for parsing Office documents;
2) the structure of a malicious Office document;
3) techniques for analyzing malicious Office documents; and
4) techniques to detect malicious documents on the wire.