One Article Review

Article:
Source SANS Institute
Identifier 7063
Publication date 2016-08-06 15:05:26 (seen: 2016-08-06 15:05:26)
Title rtfdump, (Sat, Aug 6th)
Text rtfdump is a tool I developed to help me analyze (malicious) RTF files. If you just want to extract embedded objects from RTF files, you can use rtfobj. But if you want to perform more analysis, you can use rtfdump. For example, it supports YARA rules. To familiarize you with RTF files and their analysis, I made 3 videos. An intro video. A video analyzing RTF maldoc (MD5 07884483f95ae891845caf0d50ce507f) that contains an exploit for MS12-027 CVE-2012-0158. And a video analyzing RTF maldoc (MD5 4483ad299158eb54f6ff58b5346a36ee) that contains an exploit for MS10-087 CVE-2010-3333. Didier Stevens, Microsoft MVP Consumer Security, blog.DidierStevens.com
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.