Analyzing a malicious Excel file with oledump.py

Some time ago, I came across a video of Didier Stevens in my Twitter TL. In that video, he was using a tool called oledump.py to analyze MS Office files. Since I watched the video, I have been looking forward to using it with a…

Microcorruption challenge II

Here we go with the second round of Microcorruption writeups. Reykjavik (35 points). Lockitall LOCKIT PRO r a.03. User Manual: Lockitall LockIT Pro, rev a.03. OVERVIEW – Lockitall developers have implemented military-grade on-device encryption to keep the password secure. – This lock is…

Microcorruption challenge I

Some days ago, I found a link to Matasano’s Microcorruption Challenge. This is a set of challenges focused mainly on reversing and exploiting embedded devices. Something I found really cool about this challenge was that, even if it’s a RE challenge, you don’t need…

analPE.py – A script to spot anomalies in PE files

After writing the previous post, I started developing a quick script to spot anomalies inside a PE file. In addition to the things I already wrote about, I added a couple of extra anomalies to the script: Entry point falling out of the .text section….

Quick reference guide to PE Files in IH

This post is just a bunch of quick notes for PE analysis while handling an incident. It may be modified in the future if I find something else I consider interesting to include. I have added some reference links where you can find more in-depth…