From Word document to Ransomware? Investigate How Template Injection is Used to Execute Macros.


Learn how to detect template injection in malicious documents.

🔥 FREE DOWNLOADABLE PDF - MALICIOUS DOCS QUICK REFERENCE
https://quickreference.thecyberyeti.c...

Template injection is a technique malware authors use to help bypass security. The concept is simple: create a non-macro-enabled document that uses a template. This template can be hosted remotely and include macro content. When the macro-less document is distributed, it may appear benign to security products. However, when the user opens the document, Microsoft Word will request the template. If the template contains macros, the user will be prompted to enable them and if they do... game over! Learn how this technique works, how to analyze the OOXML structure to find evidence of remote template abuse, and how this can lead to threats like ransomware.
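The check described above can be scripted. The following is an added example, not code from the video: it opens the OOXML package as a ZIP, reads every `.rels` part (Word stores the attached template relationship in `word/_rels/settings.xml.rels`) and reports `attachedTemplate` relationships whose target is loaded from a remote host. The function names and the sample host `templates.example` are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")

def is_remote(target):
    """True for http(s) URLs, UNC paths and file:// URLs that name a host."""
    if target.startswith("\\\\"):
        return True
    url = urlparse(target)
    return url.scheme.lower() in ("http", "https") or (
        url.scheme.lower() == "file" and bool(url.netloc))

def find_remote_templates(docx):
    """Return [(rels_part, target)] for attached templates loaded remotely.

    docx is a path or a binary file object holding an OOXML (ZIP) package."""
    hits = []
    with zipfile.ZipFile(docx) as pkg:
        for part in pkg.namelist():
            if not part.lower().endswith(".rels"):
                continue
            try:
                root = ET.fromstring(pkg.read(part))
            except ET.ParseError:
                continue  # damaged part: nothing to inspect here
            for rel in root.iter(REL):
                target = rel.get("Target", "")
                if (rel.get("Type") == ATTACHED_TEMPLATE
                        and rel.get("TargetMode", "").lower() == "external"
                        and is_remote(target)):
                    hits.append((part, target))
    return hits

def make_sample(target):
    """Constructed sample: a package holding only the settings relationships part."""
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/'
            '2006/relationships"><Relationship Id="rId1" Type="%s" Target="%s" '
            'TargetMode="External"/></Relationships>' % (ATTACHED_TEMPLATE, target))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/_rels/settings.xml.rels", rels)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(find_remote_templates(make_sample("https://templates.example/invoice.dotm")))
```

A template referenced by a local `file:///` path is not reported, since documents based on a local template carry the same relationship type with `TargetMode="External"`.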

Maldoc SHA256: ee02e5051243512ec5a1839afc6b304b55fb7f14ad43ae84d53eb315c9674103
Template SHA256: 1d9ddc7850fd9451d2c5d5cfed16de514a85f9ef285441fe53fec4ecc99f50e1
Ransomware SHA256: 0dd36a058705717a7d84622f9745b85277c37a07ad830a6648a01ef6e679324a

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch

0:52 Free Quick Reference Analyzing Malicious Documents PDF
1:14 Analyzing Stage 1 Word Document with OLEDUMP and OLEVBA
2:23 Identifying File Type with Detect-It-Easy
2:49 Exploring OOXML Document with 7-zip and Finding Template Injection
4:55 Analyzing the Macro-Enabled Template
5:48 Deobfuscating Macro Code
7:58 Executing the Ransomware
8:42 Prepping the VM to Run
9:22 The Ransomed VM
