12 Days of Defense - Day 1: PDF and Office Doc Malware IOC Extraction

Views: 28,976

John Hubbard

1 day ago

In this video I show how to extract a malicious URL from a PDF without opening it, how to spot a weaponized Office document, and a method to quickly de-obfuscate PowerShell. Enjoy!
Links:
REMnux: www.remnux.org
PDF: app.any.run/ta...
Macro-enabled doc: hybrid-analysi...
===
My SANS Courses:
SEC450 - Blue Team Fundamentals: sans.org/sec450
MGT551 - Building and Leading Security Operations Centers: sans.org/mgt551
PDF Guide to Security Operations: www.sans.org/s...
Blueprint Podcast: sans.org/bluep...
Twitter: / sechubb

Comments: 46
@AjitKumar-sy9cv 4 years ago
Thanks John Hubbard.. I like this approach of keeping the video short, focused, and taking away the initial setup requirement. The domain is also good.. PDF and DOC are the two most common carriers for malware..!! Great!!
@kaiser11 3 years ago
I just discovered this channel and... WOW it is gold. Nice info mate!
@cyberpanther5679 3 years ago
John! I learnt a lot from this session. Thank you so much
@zuberkariye2299 11 months ago
This has got to be the best MA vid that I have come across for the first time! I hope you see this and create more vids like this!
@bairammamedov570 3 years ago
The BEST channel in the security area.
@mohamedsaidani8509 4 years ago
Thanks a lot Mr. Hubbard for this new kind of "free training", keep it up
@ChrisDale 4 years ago
Loved the session John, keep it up! Cheers.
@Cybermonk3y 4 years ago
Thanks for the share @sechubb. Looking forward to the complete series.
@4ag2 4 years ago
Very interesting! Thanks for the initiative. Can't wait for the next video.
@redbox360 3 years ago
Great content, SANS is always my favorite learning resource on security
@miguelb.j.2089 4 years ago
Thank you very much! It has been very instructive! I look forward to seeing the next one!
@khurramwzd 3 years ago
Thanks for sharing the knowledge, I hope you will keep posting more series.
@getoutmore 2 years ago
Learned so much from this and absolutely loved this. Thank you!! I wish there were more good resources like this out there to get started
@gitgudsec 1 year ago
This was awesome, really love these practical lab-type instructionals. Excited to dig into the rest - thanks John!
@thainetd1638 3 years ago
Great video, I will share it on my channel. Please keep up the good work.
@andrewritchie1699 1 year ago
Excellent video. Thank you.
@x0rZ15t 3 years ago
Magnificent work, thank you very much for this. Please keep up the good work!
@kapoof2 3 years ago
Wow. This was a ton of great information. Very entertaining and well explained as well. I want more!
@ravenbao3334 3 years ago
Can't believe this is free! But the GIAC courses you recommended are too expensive, I have to say..
@rezamehrad8512 4 years ago
Thank you! Amazing! Waiting for the next ..
@HereDerPharao 4 years ago
Awesome video! This is very helpful. Thanks a lot.
@1UniverseGames 3 years ago
4:13, Sir, what password did you use to open the file? I just did not understand it properly
@SecHubb 3 years ago
The standard password for malware files is “infected”.
@venuresu3742 3 years ago
Good explanation and valuable info. Thanks
@golgothus 3 years ago
Thanks for the video! Definitely pretty well made and I really enjoyed the content. I'll be looking to see if my team / company will let us get a VM for REMnux or another image which might be useful for analysis. Seems like there are some nice pre-loaded tools ready and available for investigations and analysis.
@saisumanthsrivatsa6772 3 years ago
What is the process if any other malicious file is linked with the PDF, other than a malicious link?
@vinyldown8490 1 year ago
This is amazing! Thank you a lot
@ΔημητρηςΤ-ζ7ω 4 years ago
Great informative video John!
@sgolota 2 years ago
Thank you for your lessons!
@rckrs-jf8lb 3 years ago
Thanks for sharing your knowledge.
@StrongtotheCore 2 years ago
A great tutorial! Thanks.
@sreedeepcv866 3 years ago
Great video, nice explanation
@Belthazor85 1 year ago
Very good!!
@yasinaltunterim 3 years ago
Thank you very much.
@FeliksTrzymalko 3 years ago
Thank you sir!
@getoutmore 2 years ago
I'd give my right arm to be able to attend the SOC course. Sadly I'm not from the US and it's too expensive for me as a private person.
@YourDailyHappyPill 3 years ago
Thanks a lot.
@mrpimpirikli3946 2 years ago
Super
@charanreddy8856 3 years ago
Is the process the same for all Word, PDF and Excel files? Please help me, thanks.
@SecHubb 3 years ago
No, unfortunately it's not all the same, but this does work in many cases. There are a number of ways of weaponizing documents, and going over all of them would be a whole class in itself. Check out the tools built into the REMnux Linux distro at remnux.org to see a bunch of other ways of dissecting documents of various types.
@charanreddy8856 3 years ago
@SecHubb Thanks for helping me John, looking forward to learning more from you
@mikedonovan5949 3 years ago
Has anyone had any luck downloading the REMnux OVA?
@adivasi6894 3 years ago
I didn't have any issues there, however I am stuck in the next video, installing Zeek.
@egalegalegal2176 4 years ago
LSD 😁
@ademkarakus83 3 years ago
Thank you so much