Analyzing an Office Maldoc with a VBA Emulator

Today we were informed of another maldoc sample. After a quick look, we were convinced that this sample would be a good candidate for Philippe Lagadec's VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for …

Malicious Document Targets Belgian Users

In this blog post I want to show how a malicious document (maldoc) behaves and how it can be analyzed with free tools. A couple of weeks ago many users in Belgium received an e-mail, supposedly from a courier company, informing them that a package was waiting for them (article in Dutch). This is an example …

Testimonial of Stefaan Truijen

Hi, I'm Stefaan Truijen and in 2014-2015 I did my master thesis at the department of computer science at KULeuven. I assessed the susceptibility of modern web browsers to RAM scrapers in collaboration with NVISO. Security had always been one of my passions, so I was excited to get started. Writing a thesis is an …

Cyber Security Challenge Belgium 2015 – Solving the NVISO Lottery challenge

This is the fourth and final blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking a look at one of the more programming oriented challenges: The NVISO Lottery. The NVISO Lottery The students were given the following info: "Come and throw away your money at the NViso Lottery!" …

Cyber Security Challenge Belgium 2015 – Solving the One Way challenge

This is the third blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking on a very technical challenge: One Way. Data Extraction The challenge The following challenge description was given to the students: "We want our employees to be able to send us confidential information which only we …

Cyber Security Challenge Belgium 2015 – Solving the Data Extraction challenge

This is the second blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking a look at the Data Extraction challenge. Data Extraction The challenge The following challenge description was given to the students: "We messed up and contacted the wrong forensic department. They say they found data, but …

Cyber Security Challenge Belgium 2015 – Solving the SFTP challenge

Two weeks ago, we proudly organised the Cyber Security Challenge Belgium 2015 (CSCBE). The CSCBE was a typical Capture-The-Flag (CTF) competition aimed at students from universities and colleges all over Belgium. During the competition, teams of three or four students had to tackle different technical challenges in order to prove their skills. In the following …