Josh Stroschein, Feb 11, 2021, 1 min read
How-To: Installing Oledump in Windows
In this video, we’ll look into installing oledump in Microsoft Windows. Microsoft Office documents are a common vehicle used by malware...
Josh Stroschein, Jan 6, 2021, 1 min read
Creating an IDA Python Plugin for Static XOR String Deobfuscation
In this video, we’ll explore a recent XLS document that drops and executes a DLL using RUNDLL32. The DLL is small and only used to...
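The decoding logic such a plugin would carry, as an added example that is not the code from the video or the plugin it builds: single-byte XOR string recovery over a data segment. It runs as plain Python (no IDA API), so the sample "segment" is constructed inline; the key 0x5A, the strings and the junk bytes are assumptions for illustration. An IDAPython plugin would wrap the same functions around bytes read with ida_bytes.get_bytes() and write results back as comments.

```python
"""Static single-byte XOR string deobfuscation (added example, not from the video)."""
import re
from typing import List, Optional, Tuple

# A C string: at least 4 printable ASCII bytes followed by one NUL.
C_STRING = re.compile(rb"[\x20-\x7e]{4,}\x00")


def xor_decode(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def looks_like_c_string(buf: bytes) -> bool:
    """True if buf is printable ASCII terminated by exactly one NUL."""
    return C_STRING.fullmatch(buf) is not None


def recover_xor_key(blob: bytes) -> Optional[int]:
    """Recover the key of one encrypted string without knowing it.

    If the NUL terminator was encrypted too, the last ciphertext byte leaks
    the key outright, because 0x00 ^ key == key. Otherwise brute-force all
    255 keys and accept only an unambiguous printable result.
    """
    if not blob:
        return None
    key = blob[-1]
    if key and looks_like_c_string(xor_decode(blob, key)):
        return key
    hits = [k for k in range(1, 256) if looks_like_c_string(xor_decode(blob, k))]
    return hits[0] if len(hits) == 1 else None


def find_xor_strings(segment: bytes, key: int) -> List[Tuple[int, str]]:
    """Decode a whole segment and return (offset, string) for every run that
    decodes to a printable NUL-terminated C string. In a plugin, each offset
    would get the decoded text as a comment."""
    plain = xor_decode(segment, key)
    return [(m.start(), m.group()[:-1].decode("ascii"))
            for m in C_STRING.finditer(plain)]


# Constructed sample "data segment": three XOR-encoded strings separated by
# junk that decodes to non-printable bytes. Key and contents are assumptions.
KEY = 0x5A
JUNK = b"\x5a\x5b\x5c\x5d"  # decodes to 00 01 06 07 under KEY
SEGMENT = (JUNK + xor_decode(b"kernel32.dll\x00", KEY)
           + JUNK + xor_decode(b"LoadLibraryA\x00", KEY)
           + JUNK + xor_decode(b"rundll32.exe\x00", KEY))

if __name__ == "__main__":
    first = SEGMENT[4:17]  # the first encoded string, terminator included
    print("recovered key: 0x%02X" % recover_xor_key(first))
    for off, s in find_xor_strings(SEGMENT, KEY):
        print("0x%04X  %s" % (off, s))
```

The terminator trick is worth checking first in a real sample: when the loader XORs a fixed-length blob that includes its NUL, the key is sitting in plain sight at the end of every string, and no brute force is needed.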
Josh Stroschein, Dec 2, 2020, 1 min read
Emotet Maldoc Analysis – Embedded DLL and CertUtil for Base64 Decoding
On 11/10/2020, AnyRun posted an Emotet maldoc that utilized CertUtil to decode a DLL payload that was used for unpacking and running the...
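A way to reproduce the decoding step offline during triage, as an added example that is not from the video or the Emotet sample: strip the certificate armor that certutil -encode wraps around base64 (and that certutil -decode tolerates), decode, and confirm the result is a PE with the DLL characteristic set before handing it to a sandbox. The fake DLL payload is constructed inline (a bare MZ header, e_lfanew and a COFF header), and the CRLF/64-column armor format is an assumption about certutil's output.

```python
"""Decode a certutil-armored base64 payload and check it is a DLL (added example)."""
import base64
import struct
from typing import Optional

CERT_HEADER = b"-----BEGIN CERTIFICATE-----"
CERT_FOOTER = b"-----END CERTIFICATE-----"
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def certutil_encode(payload: bytes) -> bytes:
    """Produce the armor `certutil -encode` writes: PEM-style header/footer
    around 64-column base64 lines (CRLF line endings assumed)."""
    b64 = base64.b64encode(payload)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"\r\n".join([CERT_HEADER, *lines, CERT_FOOTER]) + b"\r\n"


def certutil_decode(text: bytes) -> bytes:
    """Drop armor lines and whitespace, then strictly base64-decode the rest."""
    body = b"".join(line.strip() for line in text.splitlines()
                    if line.strip() and not line.strip().startswith(b"-----"))
    return base64.b64decode(body, validate=True)


def pe_characteristics(blob: bytes) -> Optional[int]:
    """Return the COFF Characteristics of an MZ/PE image, or None if blob is
    not one. Layout: e_lfanew at 0x3C; 'PE\\0\\0' then Machine(2),
    NumberOfSections(2), TimeDateStamp(4), PointerToSymbolTable(4),
    NumberOfSymbols(4), SizeOfOptionalHeader(2), Characteristics(2)."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return struct.unpack_from("<H", blob, e_lfanew + 22)[0]


def is_dll(blob: bytes) -> bool:
    """True when the image is a PE with IMAGE_FILE_DLL set."""
    chars = pe_characteristics(blob)
    return chars is not None and bool(chars & IMAGE_FILE_DLL)


# Constructed stand-in for the dropped DLL: MZ stub, e_lfanew = 0x40, then a
# COFF header for i386 with Characteristics 0x2102 (EXECUTABLE | 32BIT | DLL).
FAKE_DLL = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
            + b"PE\x00\x00"
            + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102))

if __name__ == "__main__":
    armored = certutil_encode(FAKE_DLL)      # what the maldoc writes to disk
    decoded = certutil_decode(armored)       # what `certutil -decode` produces
    print("round trip ok:", decoded == FAKE_DLL)
    print("looks like a DLL:", is_dll(decoded))
```

The DLL check matters for the follow-on step the summary describes: a payload that is a DLL is what you expect to see launched through rundll32 rather than run directly, so the characteristic tells you which loader to look for next.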