Iron Castle Systems

Search

Skip to content

VMware
AWS
Powershell
Security
Projects
Misc.
Client Access
About

Search for:

Video: Analyzing Malicious OneNote Documents, (Sun, Feb 5th)

February 5, 2023 David Leave a comment

This post was originally published on this site

I recorded a video for my diary entry "Detecting (Malicious) OneNote Files".

It shows how I familiarized myzelf with the .one file format, enough to know how to extract embedded files, wrote a tool (onedump.py) and take a look at detection rules.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Post navigation

Previous PostVMware Skyline Advisor Pro: What’s New February 2023 Next PostAPIs Used by Bots to Detect Public IP address, (Mon, Feb 6th)

Leave a Reply Cancel reply

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

VMware

10gb network link does not achieve the best speed March 24, 2023
Missing_dependency_vibs error March 24, 2023
vSphere licensing basics March 24, 2023
VM linux server hosting NFS for shared RW datastore. Speed issue March 24, 2023
HW version 19 but OpenGL version is still 3.3, expected 4.0 March 24, 2023

SANS Security

ISC Stormcast For Friday, March 24th, 2023 https://isc.sans.edu/podcastdetail.html?id=8424, (Fri, Mar 24th) March 24, 2023
Cropping and Redacting Images Safely, (Thu, Mar 23rd) March 23, 2023
ISC Stormcast For Thursday, March 23rd, 2023 https://isc.sans.edu/podcastdetail.html?id=8422, (Thu, Mar 23rd) March 23, 2023
Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files, (Wed, Mar 22nd) March 22, 2023
ISC Stormcast For Wednesday, March 22nd, 2023 https://isc.sans.edu/podcastdetail.html?id=8420, (Wed, Mar 22nd) March 22, 2023

AWS

AWS Clean Rooms Now Generally Available — Collaborate with Your Partners without Sharing Raw Data March 21, 2023
AWS Week in Review – March 20, 2023 March 21, 2023
AWS Chatbot Now Integrates With Microsoft Teams March 16, 2023
Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support March 15, 2023
Celebrate Amazon S3’s 17th birthday at AWS Pi Day 2023 March 14, 2023

Microsoft

Microsoft creates new opportunities for partners through AI offerings and expansion of Microsoft Cloud Partner Program March 22, 2023
Create images with your words – Bing Image Creator comes to the new Bing March 21, 2023
Breaking new ground in healthcare with the next evolution of AI March 20, 2023
Prompts for communicators using the new AI-powered Bing March 16, 2023
Introducing Microsoft 365 Copilot – your copilot for work March 16, 2023

Iron Castle Systems

Tag Cloud

AWS
Microsoft
Powershell
SANS
Security
Virtualization
VMware

Recent Posts

Cropping and Redacting Images Safely, (Thu, Mar 23rd) March 23, 2023
Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files, (Wed, Mar 22nd) March 22, 2023
AWS Clean Rooms Now Generally Available — Collaborate with Your Partners without Sharing Raw Data March 21, 2023
String Obfuscation: Character Pair Reversal, (Tue, Mar 21st) March 21, 2023
From Phishing Kit To Telegram… or Not!, (Mon, Mar 20th) March 20, 2023

Archives

Iron Castle System info@ironcastle.net Proudly powered by WordPress Theme - twentyfourteen

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage vendors Read more about these purposes

View preferences

{title} {title} {title}