More Details About Document File Analysis 1

Views: 10,566

LetsDefend

1 day ago

Comments: 12
@Leg4cy86 2 months ago
Hey there everyone. Just passing by to explain what each "Security" value means. In general, the "Security" field in the metadata of a Microsoft Office document is related to the level of protection/restrictions applied to the file. Below are the values and the meaning of each:

0 - No security applied. The document is open without any restrictions.
1 - Password-protected for opening. A password is required to open the document.
2 - Password-protected for modifications. A password is needed to edit the document, but it can be viewed without one.
3 - Password-protected for both opening and modifications. Requires different passwords to open and modify.
4 - Read-only recommended. The document suggests opening in read-only mode, but it’s not enforced.
5 - Password-protected for opening + Read-only recommended. Requires a password to open, and suggests read-only mode.
6 - Password-protected for modifications + Read-only recommended. Editing requires a password, and it suggests read-only mode.
7 - Password-protected for both opening and modifications + Read-only recommended. Passwords are required for both actions, and it suggests read-only mode.
8 - Encrypted document. The file is protected with encryption, usually with password protection.
9 - Password-protected for opening + Encrypted. Requires a password to open, and the file is encrypted.
10 - Password-protected for modifications + Encrypted. Editing requires a password, and the file is encrypted.
11 - Password-protected for both opening and modifications + Encrypted. Full security with encryption.
12 - Read-only recommended + Encrypted. The document suggests read-only mode and is encrypted.
13 - Password-protected for opening + Read-only recommended + Encrypted. Requires a password to open, suggests read-only, and is encrypted.
14 - Password-protected for modifications + Read-only recommended + Encrypted. Editing requires a password, suggests read-only, and is encrypted.
15 - Password-protected for both opening and modifications + Read-only recommended + Encrypted. The document has all security features enabled.

Cheers :)
@sailingbikeruk 1 year ago
This is a good primer for maldocs analysis, and I didn't know about olevba, which is really useful, but I think that it is a bit of a miss the way you skip over certain things without more explanation.

XLM macros are making a "come back" and you brush past them. Why not do a very brief explanation of what they are - "these are older macros from Excel V4.0 (and earlier?) using a specific language. They are sometimes used as an alternative to VBA because some modern email hygiene has all but forgotten about them; they are stored in a worksheet which is usually hidden". At least that gives some context as to why that section is there in the tool.

Also your explanation of chr(101) - you "guessed" what the letter is, fairly easy when it's a file extension, but how do students know what it is when it isn't "easy" or "obvious"? Looking at a more complicated second example would have helped reinforce the principle, and directing them to an ASCII conversion table or a simple bash command would have delivered further context and learning. You don't even explain what the chr() thing is doing... it is holding a numeric representation (in decimal here) of an ASCII character. These can be converted in several ways:

- Look at an ASCII conversion table - type "man ascii", without the quotes, to print one in a Linux terminal
- Use a command such as - echo 43 | awk '{ printf "%d -- > %c ", $1, $1 }' - change the value 43 for the number in the brackets of chr()

Just some thoughts, we all have different views, I hope mine don't offend.
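The chr() decoding discussed in the comment above, as an added example that is not part of the original comments or of olevba: a small Python helper that rewrites printable Chr()/ChrW() calls in a VBA line as string literals and folds adjacent literals together. It goes beyond the decimal case by also accepting VBA's &H (hex) and &O (octal) literals; the function name `decode_chr` and the sample macro line are constructed for illustration.

```python
import re

# Chr(101), ChrW(&H65), Chr$(&O145): the VBA numeric literal forms
_CHR = re.compile(r'\bChr[WB]?\$?\(\s*(&H[0-9A-F]+|&O[0-7]+|\d+)\s*\)', re.I)
# Two adjacent string literals joined with & or + ("" is an escaped quote)
_JOIN = re.compile(r'"((?:[^"]|"")*)"\s*[&+]\s*"((?:[^"]|"")*)"')


def _vba_int(token):
    """Convert a VBA numeric literal (decimal, &H hex, &O octal) to int."""
    t = token.upper()
    if t.startswith("&H"):
        return int(t[2:], 16)
    if t.startswith("&O"):
        return int(t[2:], 8)
    return int(t)


def _chr_to_literal(match):
    n = _vba_int(match.group(1))
    if not 32 <= n < 127:          # leave control/non-ASCII codes untouched
        return match.group(0)
    ch = chr(n)
    if ch == '"':                  # VBA escapes a quote by doubling it
        ch = '""'
    return '"' + ch + '"'


def decode_chr(line):
    """Replace printable Chr() calls, then merge neighbouring literals."""
    out = _CHR.sub(_chr_to_literal, line)
    prev = None
    while prev != out:             # repeat until no more pairs can be merged
        prev = out
        out = _JOIN.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', out)
    return out


# Constructed sample line, not taken from a real document
SAMPLE = 'fname = "invoic" & Chr(101) & Chr(46) & Chr(&H65) & "x" & ChrW$(101) & Chr(13)'

if __name__ == "__main__":
    print(decode_chr(SAMPLE))
```

Chr(13) stays as written because a carriage return has no readable form inside a literal; variables and function calls between literals are also left alone.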
@ZeeWolfed 3 months ago
awesome thank
@nulla_trust 7 months ago
Hello. How do I install xorsearch and olemeta on my machine?
@541-ToSOC 1 day ago
sudo apt-get install xorsearch
@omvrgayar7299 4 months ago
I think the security tag is meant to be that this document isn't secure or it has malicious scripts maybe, but I'm not so sure about it.
@jorgepadilla392 10 months ago
Great tutorial, thank you!
@amnaamin6578 1 year ago
Thanks
@JumperNYC 10 months ago
Very good video
@huaxi2001 7 months ago
nice thanks
@GregDaDefender 10 months ago
I believe the Security is saying if the document is protected or not...the file, not the folder...I could be wrong so, don't take that and run.