- Malware How Malicious Code Can Run in Microsoft Office Documents
Microsoft Office documents can execute malicious code through VBA macros (requiring social engineering to enable), exploit payloads targeting Office vulnerabilities, embedded Flash objects, or...
- Cloud Using Free Windows XP Mode as a VMware Virtual Machine
Microsoft's free Windows XP Mode, downloadable for Windows 7 Professional/Enterprise/Ultimate, can be imported into VMware Workstation or Player instead of Virtual PC. The process provides a...
- Incident Response Incident Response on 64-Bit Windows Using 32-Bit Tools
Windows' WOW64 File System Redirector transparently redirects 32-bit tools accessing System32 to SysWOW64, causing forensic investigators to examine the wrong files without realizing it. Stick to...
- Tools Extracting Malicious Flash Objects from PDFs Using SWF Mastah
SWF Mastah by Brandon Dixon extracts malicious Flash objects from PDFs in one step, using the PDF X-RAY framework and Peepdf. It can handle complex PDF files even when pdf-parser fails to locate or...
- Malware Assigning Descriptive Names to Malware - Why and How?
Security researchers assign descriptive names to high-profile malware based on file names, registry keys, or embedded strings—whoever coins the name that sticks gets bragging rights. Duqu was named...
- Incident Response The Adversarial Cycle of Computer Attacks and Defenses
The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...