Office documents have proven a reliable means of distributing malware. While not a new problem in the industry, they continue to plague the enterprise. In this talk we’ll discuss how to break apart a malicious document – inspecting macros, identifying embedded objects, and examining the social engineering used to ensure delivery. We will analyze the details of recent attack trends such as the use of PowerShell, process hollowing and application whitelist bypasses, shellcode, encrypted payloads and embedded content. We will also explore techniques used by malicious documents that do not rely on macros, and even samples targeting OS X. This will be a fast-paced talk that will prepare you to deal with any malicious document.
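As an added illustration of the first triage step the abstract describes (breaking the document apart and checking for macros and embedded objects), the following Python script is example code written for this page, not material from the talk. It treats a modern Office file as the zip container it is, lists any VBA project, any file under an `embeddings/` folder, and any relationship marked `TargetMode="External"`, and recognises a legacy OLE2 (.doc/.xls) container by its header. The sample document, its part names and the `example.invalid` URL are all constructed here for the demo.

```python
"""Static triage of an Office document container (added example, not from the talk).

Classifies the file as OOXML (zip) or legacy OLE2, then, for OOXML, lists the
things a first pass looks for: a VBA project, embedded OLE objects, and
relationships that point outside the document. The sample document below is
constructed inline; it is not a real malicious file.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File Binary header
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def build_sample_docm() -> bytes:
    """Construct a minimal macro-enabled OOXML container (demo data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        # A VBA project is itself an OLE2 stream stored inside the zip
        z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\0" * 64)
        # Embedded OLE objects are likewise OLE2 blobs under word/embeddings/
        z.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + b"\0" * 64)
        z.writestr(
            "word/_rels/document.xml.rels",
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"'
            ' Target="embeddings/oleObject1.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"'
            ' Target="http://example.invalid/template.dotm" TargetMode="External"/>'
            "</Relationships>",
        )
    return buf.getvalue()


def triage(data: bytes) -> dict:
    """Return a dict describing the container type and the artifacts found."""
    result = {
        "container": "unknown",
        "macros": [],
        "embedded_objects": [],
        "external_targets": [],
        "suspicious": False,
        "note": "",
    }
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc/.xls/.ppt: streams live inside the CFB structure and need
        # an OLE parser (e.g. olefile) to look for a VBA storage or embedded objects
        result["container"] = "ole2"
        result["note"] = "legacy OLE2 container; parse its streams with an OLE parser"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["container"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                result["macros"].append(name)
            elif "/embeddings/" in low:
                result["embedded_objects"].append(name)
            elif low.endswith(".rels"):
                # Relationship files record every part link; external targets
                # (remote templates, linked objects) are how macro-free documents
                # reach out to the network
                root = ET.fromstring(z.read(name))
                for rel in root.iter(REL_NS + "Relationship"):
                    if rel.get("TargetMode", "").lower() == "external":
                        result["external_targets"].append((name, rel.get("Id"), rel.get("Target")))
    result["suspicious"] = bool(
        result["macros"] or result["embedded_objects"] or result["external_targets"]
    )
    return result


if __name__ == "__main__":
    for key, value in triage(build_sample_docm()).items():
        print(f"{key}: {value}")
```

This only inventories the container; it does not decompress the VBA source inside `vbaProject.bin`, which is the step a tool such as olevba performs. The point of the pass is to decide in seconds whether a document deserves that deeper look, and to notice external relationships, which are a macro-free delivery path the file listing alone would miss.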
The following topics will be covered: