
Malicious Office Docs

Info

Analyzing Office documents is important when responding to actual or potential incidents, and knowing what to look for and how to find it is critical.

What you will learn

After completing this scenario you will know:
- What Office documents actually are
- How they can be used to execute malicious code
- How to find this malicious code without opening the documents

Technical Details

This scenario contains one virtual machine.

Pre-requisites

It's a good idea to install a tool that can analyze OLE objects. Some options are:
- oledump: https://blog.didierstevens.com/programs/oledump-py/
- oletools: https://github.com/decalage2/oletools/wiki

Pre-reading

- https://trailofbits.github.io/ctf/forensics/ [The part about Office docs]
- https://blog.didierstevens.com/programs/oledump-py/

  • Mode: Single player
  • Type: CCL
  • Difficulty: Easy
  • Time: 120 minutes
  • Cost: 10 crystals