Malicious office documents continue to be an effective tool for threat actors to compromise their victims and gain access to an organization’s network. While these documents have been around for a while, malware authors continue to find effective ways of abusing functionality to minimize their detection. This year alone we have seen a resurgence of such techniques through the use of Excel 4 Macros and other creative ways to bypass detection. In this workshop, we will get hands-on with the latest Office-based threats to understand how they work, how to detect them, and how to identify indicators of compromise. You will learn the tools and techniques to extract macros, tackle obfuscation, and debug the code. This workshop will take you deep into malicious office documents and the tools required to analyze them so that you can better defend your organization and its users.
Lab: Analyzing an Emotet Dropper
Lab: Dynamic Analysis
Lab: Reversing Excel-based Malware
Lab: Tracing Windows API and Extracting Shellcode
Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues.
Josh is an Assistant Professor of Cyber Security at Dakota State University, where he teaches malware analysis and reverse engineering. He is also the Director of Training for OISF, an author on Pluralsight, and a threat researcher for Bromium/HP.