Word document analysis with oledump.py

It seems that macro based document are, again, used to spread malware. Even the Malware Protection Centre from Microsoft mentioned it recently. Seems like an old trick, but apparently works like a charm. Most probably users trust too much Office documents as they keep exchanging them…

Mutexes and malware analysis

There is many way to investigate malware and to “find evil” in an unknown executable. There will be situation where looking at a list of running processes won’t give you information to raise a red flag. You can always go deeper and perform more manual…

sysmon form sysinternals

Microsoft has released an updated version of the sysinternals tools recently. This update include a tool named: sysmon. You can find all details from the TechNet website by following this link: http://technet.microsoft.com/en-us/sysinternals/dn798348.aspx In short the tool will provides detailed information about process creations, network connections, and changes…

DFIR Challenge – ISSA 2013 – My Answers

Jack Crook has posted a new DFIR challenge a few days ago. Let’s have a look at the challenge and also to my answers. Obviously if you want to enjoy the challenge then don’t read this article, go on the challenge page, download what’s necessary…