The obfuscated payload of a maldoc submitted by a reader can be quickly extracted with the “strings method” I explained in diary entry “Quickie: String Analysis is Still Useful”.
Article Link: https://isc.sans.edu/diary/rss/26648