Analyzing Password Protected Documents

Recently, there has been an upsurge of an attacker, defending malicious office documents that they send to their victims. In this article, we will explore several different tools and methodologies that can be used to analyze such files.

Methods and tools:
1. Copy Macros.
2. Re-Save Without Password.
3. Decrypt with MSOffice-Crypt & Analyze w/ olevba|ViperMonkey.
4. Simply Open w/ LibreOffice.

The author of the blog describes these methods and prefers the first method, as he calls himself – a command-line junkie. In conclusion makes recommendations. Have a nice study.

 

More.