This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.
General Approach
1-Locate potentially malicious embedded code, such as shellcode, VBA macros, or JavaScript.
2-Extract suspicious code segments from the file.
3-If relevant, disassemble and/or debug shellcode.
4-If relevant, deobfuscate and examine JavaScript, ActionScript, or VB macro code.
5-Understand next steps in the infection chain.
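As an added example for steps 1 and 2 (it is not part of the cheat sheet, nor code from Zeltser or SANS ISC), the script below performs a first-pass triage of a document blob: it identifies the container by its magic bytes, then looks for the indicators an analyst checks first, namely auto-run and script names in a PDF, VBA stream names in a legacy OLE file, and a vbaProject.bin entry in an OOXML archive. The keyword lists, the stream-name heuristic and the three sample blobs are assumptions constructed for the example; the PDF sample hides /JavaScript behind a #61 name escape to show why names must be normalised before matching. The OLE check is a raw byte search, not a compound-file parser, so it is a screening step before extraction with a proper tool.

```python
"""First-pass triage of Office/PDF blobs for embedded code (added example)."""
import io
import re
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy DOC/XLS/PPT compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (DOCM/XLSM/PPTM) is a zip archive
PDF_MAGIC = b"%PDF"                                # readers accept it within the first 1024 bytes

# PDF name objects may spell characters as #xx, so /J#61vaScript is /JavaScript.
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_pdf_names(data: bytes) -> bytes:
    """Undo #xx escapes so keyword matching sees the canonical name."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


# Names marking auto-run actions, script, or embedded payloads (assumed list).
PDF_KEYWORDS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                b"/Launch", b"/EmbeddedFile", b"/ObjStm"]


def scan_pdf(data: bytes) -> dict:
    norm = normalize_pdf_names(data)
    hits = {}
    for kw in PDF_KEYWORDS:
        # Require a delimiter after the name so /JS does not also count /JSx.
        n = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", norm))
        if n:
            hits[kw.decode()] = n
    return hits


# Directory stream names a macro-bearing legacy Office file carries (assumed list).
OLE_STREAM_NAMES = ["_VBA_PROJECT", "Macros", "VBA"]


def scan_ole(data: bytes) -> dict:
    """Directory names are UTF-16LE; a raw search is a heuristic, not a CFB parse."""
    hits = {}
    for name in OLE_STREAM_NAMES:
        # Include the NUL terminator so "VBA" does not match inside "_VBA_PROJECT".
        needle = name.encode("utf-16-le") + b"\x00\x00"
        n = data.count(needle)
        if n:
            hits[name] = n
    return hits


def scan_ooxml(data: bytes) -> dict:
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            low = info.filename.lower()
            if low.endswith("vbaproject.bin"):
                hits["vbaProject.bin"] = hits.get("vbaProject.bin", 0) + 1
            elif "/embeddings/" in low:
                hits["embedded object"] = hits.get("embedded object", 0) + 1
    return hits


def triage(data: bytes) -> dict:
    """Return the detected container type and the indicator counts found in it."""
    if data.startswith(OLE_MAGIC):
        return {"type": "ole", "indicators": scan_ole(data)}
    if data.startswith(ZIP_MAGIC):
        return {"type": "ooxml", "indicators": scan_ooxml(data)}
    if PDF_MAGIC in data[:1024]:
        return {"type": "pdf", "indicators": scan_pdf(data)}
    return {"type": "unknown", "indicators": {}}


# Constructed samples (not real malware): the PDF escapes one name, the OLE blob is
# only a header plus directory names, and the DOCM is a minimal zip with a VBA entry.
SAMPLE_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /J#61vaScript /JS (app.alert('test')) >> endobj\n"
              b"%%EOF\n")

SAMPLE_OLE = (OLE_MAGIC + b"\x00" * 504
              + "Root Entry".encode("utf-16-le") + b"\x00\x00"
              + "Macros".encode("utf-16-le") + b"\x00\x00"
              + "VBA".encode("utf-16-le") + b"\x00\x00"
              + "_VBA_PROJECT".encode("utf-16-le") + b"\x00\x00")


def build_sample_docm() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("pdf", SAMPLE_PDF), ("ole", SAMPLE_OLE),
                        ("docm", build_sample_docm())]:
        print(label, triage(blob))
```

A hit here only tells you where to look: the next step is to extract the flagged object or stream (a real PDF or compound-file parser is needed for that) and hand the code to the disassembly or deobfuscation stage.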
Full article: http://zeltser.com/reverse-malware/analyzing-malicious-documents.html
Source: http://isc.sans.org

Please share your suggestions and comments, friends.