Analyzing Office documents is important when responding to actual or potential incidents, and knowing what to look for and how to find it is critical.
What you will learn
After completing this scenario you will know:
- What Office documents actually are
- How they can be used to execute malicious code
- How to find this malicious code without opening the documents
This scenario contains one virtual machine.
It's a good idea to install a tool that can analyze OLE objects. Some options are:
- oledump: https://blog.didierstevens.com/programs/oledump-py/
- oletools: https://github.com/decalage2/oletools/wiki

https://trailofbits.github.io/ctf/forensics/ [The part about Office docs]
https://blog.didierstevens.com/programs/oledump-py/
- TIME: 120 MINUTES
- COST: 10 CRYSTALS