Analyzing Shellcode with SCLauncher
Customizing FakeNet-NG's Default Web Root
Identifying UserForms with Oledump and Olevba
OneNote Malware: Hidden Payloads in Page Versions
Anti-Analysis in JavaScript Executed by Windows Script Host (WSH)
Locating DLL Name from the Process Environment Block (PEB)
Exploring the Process Environment Block (PEB) with WinDbg
Maldoc Uses Template Injection for Macro Execution
How-To: Installing Oledump in Windows
Creating an IDA Python Plugin for Static XOR String Deobfuscation
Emotet Maldoc Analysis – Embedded DLL and CertUtil for Base64 Decoding
Excel 4 Macros – Get.Workspace Reference
Removing Passwords from VBA Projects
Maldoc drops DLL and executes via ExecuteExcel4Macro
Maldoc uses Windows API to perform process hollowing
Maldoc uses RC4 to hide PowerShell script, retrieves payload from DNS TXT record
Disabling Teredo IPv6 Tunnelling
Malware Analysis – Triaging Emotet (Fall 2019)
How to Disable Microsoft Error Reporting
Disabling Network Connectivity Status Indicator (NCSI)