We produced 2 videos for our blog post Analyzing an Office Maldoc with a VBA Emulator. The first video shows ViperMonkey in action: https://www.youtube.com/watch?v=jAUg2nrt4Fw The second video shows how to extract the EXE: https://www.youtube.com/watch?v=n5oRMmSdCr8
Analyzing an Office Maldoc with a VBA Emulator
Today we were informed of another maldoc sample. After a quick look, we were convinced that this sample would be a good candidate for Philippe Lagadec's VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for …
PDF URIs
I was handed an interesting PDF document. It doesn't contain malicious code, yet it generates network traffic. Let me explain how this is achieved. Creating a PDF that makes an HTTP(S) connection to a website is easy. There's no need to use an exploit, not even JavaScript. You just have to use a URI object: …
Malicious Document Targets Belgian Users
In this blog post I want to show how a malicious document (maldoc) behaves and how it can be analyzed with free tools. A couple of weeks ago many users in Belgium received an e-mail, supposedly from a courier company, informing them that a package was waiting for them (article in Dutch). This is an example …
Testimonial of Stefaan Truijen
Hi, I'm Stefaan Truijen and in 2014-2015 I did my master thesis at the department of computer science at KULeuven. I assessed the susceptibility of modern web browsers to RAM scrapers in collaboration with NVISO. Security had always been one of my passions, so I was excited to get started. Writing a thesis is an …
Testimonial of Nick Van Haver
Hi, I'm Nick Van Haver and I want to reflect briefly on my master thesis which I have worked out in cooperation with NVISO and the Ghent University. NVISO helped me in many ways while providing me with a lot of freedom to choose the course of my thesis. They showed me a lot of …
Cyber Security Challenge Belgium 2015 – Solving the NVISO Lottery challenge
This is the fourth and final blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking a look at one of the more programming oriented challenges: The NVISO Lottery. The NVISO Lottery The students were given the following info: "Come and throw away your money at the NViso Lottery!" …
Cyber Security Challenge Belgium 2015 – Solving the One Way challenge
This is the third blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking on a very technical challenge: One Way. Data Extraction The challenge The following challenge description was given to the students: "We want our employees to be able to send us confidential information which only we …
Cyber Security Challenge Belgium 2015 – Solving the Data Extraction challenge
This is the second blog post in the Cyber Security Challenge Belgium 2015 (CSCBE) solutions series. This time, we're taking a look at the Data Extraction challenge. Data Extraction The challenge The following challenge description was given to the students: "We messed up and contacted the wrong forensic department. They say they found data, but …
Cyber Security Challenge Belgium 2015 – Solving the SFTP challenge
Two weeks ago, we proudly organised the Cyber Security Challenge Belgium 2015 (CSCBE). The CSCBE was a typical Capture-The-Flag (CTF) competition aimed at students from universities and colleges all over Belgium. During the competition, teams of three or four students had to tackle different technical challenges in order to prove their skills. In the following …