Millions of technology professionals use our tools to help diagnose and resolve a wide range of infrastructure issues. MxToolbox supports global Internet operations by providing free, fast, and accurate network diagnostic and lookup tools.
Urlscan.io - Website scanner for suspicious and malicious URLs. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
Wireshark is the world’s foremost and widely-used network protocol analyzer. ExifTool is a platform-independent Perl library plus a command-line application for reading, writing, and editing meta information in a wide variety of files. oleobj is a Python script and module to parse OLE objects and files stored into various MS Office file formats (doc, xls, ppt, docx, xlsx, pptx, etc). Word, Excel), to detect VBA Macros, extract their source code in clear text, and detect security-related patterns such as auto-executable macros, suspicious VBA keywords used by malware, anti-sandboxing, and anti-virtualization techniques, and potential IOCs (IP addresses, URLs, executable filenames, etc). 
olevba is a script to parse OLE and OpenXML files such as MS Office documents (e.g.oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics, and debugging.peepdf is a Python tool to explore PDF files to find out if the file can be harmful or not.Example: python2.7 pdf-parser.py file_name.PdfParser, a standalone PHP library, provides various tools to extract data from a PDF file.
PEframe is an open source tool to perform static analysis of malware executables and malicious MS Office documents. Dynamic analysis is done during the execution or opening the file/code. Static analysis is done without the execution or opening the file/code. Often instead of very malicious links, and induce the user to click on something. PDF files can be used to execute JavaScript, download files, access URLs, and execute commands. From a security point of view files of the types DOC, DOCX, XLS, XLSX, and XLSM, have a common issue, they can contain macros which are embedded scripts that are executed inside the file. Files that contains in their internal structure malicious actions that could compromise an environment, account, workstation, server, or user will receive the file. For this first one, I'll briefly introduce some crucial topics to ease the understanding of the analysis process. 
My objective with this series of articles is to show an analysis of examples of malicious files that I presented during my lecture on BSides-Vitória 2022.
0 kommentar(er)
