hack.lu 2025
Duration: 90 min
Type: Workshop
Speakers: Didier Stevens
Abstract
Maybe you already attended a maldoc analysis workshop by Didier at the Hack.lu conference. Didier has delivered workshops on PDF, Office and RTF document analysis. Those workshops were bottom-up: we first learned the fundamentals, and gradually made our way through ever more complex exercises.
This workshop is the other way around: we go top-down, and we cover PDF, Office and RTF in the same workshop. We don't start with the fundamentals (they come later, during the exercises, when they are needed); we start directly with exercise files that we first have to identify, and then decide how to proceed with the analysis.
We immediately start with real maldoc samples, and you learn how to triage the file and start the analysis. You will learn which tools to use depending on the type of maldoc, and which analysis strategy to follow. You will also be guided by custom decision trees designed for this workshop, which you can reuse later in your professional practice.
We will also cover some automation for batch analysis.
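As an added illustration of the top-down approach described above (example code written for this page, not material from Didier's workshop or from his tool suite): a small Python triage script that identifies the document family from the bytes rather than the extension (OLE, OOXML, RTF, PDF), applies a per-family checklist, states what the next analysis step should be, and runs the same logic over a folder for batch triage. The keyword lists, the heuristics (a UTF-16LE `VBA` name and the `\x00Attribut` residue as macro hints, `TargetMode="External"` in a `.rels` part as a remote-template hint) and the inline sample files are assumptions and constructions made for this example.

```python
"""Top-down maldoc triage: identify the family from the bytes, run a per-family
checklist, name the next step. Heuristics are illustrative; samples are constructed."""
import io
import re
import zipfile
from pathlib import Path

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file (.doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.xlsm/...) is a ZIP container
PDF_KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile", b"/ObjStm"]
RTF_KEYWORDS = [b"\\object", b"\\objdata", b"\\objupdate", b"\\objclass", b"\\objemb"]

def identify(data: bytes) -> str:
    """Step 1 of the decision tree: which family is this, whatever the extension says?"""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):  # ZIP stores member names in clear, so no parsing needed yet
        return "ooxml" if b"[Content_Types].xml" in data else "zip"
    if data.lstrip().startswith(b"{\\rt"):  # RTF readers accept "{\rt", not only "{\rtf1"
        return "rtf"
    if b"%PDF" in data[:1024]:  # PDF readers tolerate junk before the header
        return "pdf"
    return "unknown"

def _count(keywords, data: bytes) -> dict:
    # Whole-token matches, so /JS does not also count every /JavaScript.
    found = {kw.decode(): len(re.findall(re.escape(kw) + rb"(?![A-Za-z])", data)) for kw in keywords}
    return {k: v for k, v in found.items() if v}

def triage_pdf(data: bytes) -> dict:
    # Names can hide keywords with #xx escapes (/J#61vaScript); normalise before counting.
    norm = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    counts = _count(PDF_KEYWORDS, norm)
    active = [k for k in ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch") if k in counts]
    if active:
        nxt = "dump the objects behind " + ", ".join(active) + " and decode the script or action"
    elif "/ObjStm" in counts:
        nxt = "no active keywords in clear text, but /ObjStm may hide them: decompress first"
    else:
        nxt = "no active-content keywords; check embedded files and stream filters"
    return {"counts": counts, "indicators": [f"{k}={v}" for k, v in counts.items()], "next": nxt}

def triage_rtf(data: bytes) -> dict:
    counts = _count(RTF_KEYWORDS, data)
    nxt = ("hex-decode each \\objdata blob and triage the carved object by its own magic"
           if "\\objdata" in counts else "no embedded objects; look for obfuscated control words")
    return {"counts": counts, "indicators": [f"{k}={v}" for k, v in counts.items()], "next": nxt}

def triage_ole(data: bytes) -> dict:
    ind = []
    if "VBA".encode("utf-16-le") in data:  # directory entry names are stored as UTF-16LE
        ind.append("VBA storage name present")
    if b"\x00Attribut" in data:  # residue of MS-OVBA compressed module source
        ind.append("compressed VBA module source")
    nxt = "list streams, decompress the VBA modules, read the macro" if ind else "enumerate streams for other payloads"
    return {"indicators": ind, "next": nxt}

def triage_ooxml(data: bytes) -> dict:
    ind, nested = [], None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith("vbaProject.bin"):
                ind.append(f"{name} (VBA macros)")
                nested = triage_ole(zf.read(name))  # the macro container is itself an OLE file
            elif "/embeddings/" in name:
                ind.append(f"embedded object {name}")
            elif name.endswith(".rels") and b'TargetMode="External"' in zf.read(name):
                ind.append(f"external relationship in {name}")
    nxt = "extract the flagged parts and triage each one" if ind else "inspect XML parts for DDE or exploit triggers"
    return {"indicators": ind, "nested": nested, "next": nxt}

HANDLERS = {"pdf": triage_pdf, "rtf": triage_rtf, "ole": triage_ole, "ooxml": triage_ooxml}

def triage(data: bytes, name: str = "<bytes>") -> dict:
    family = identify(data)
    report = HANDLERS.get(family, lambda d: {"indicators": [], "next": "manual inspection"})(data)
    report.update(name=name, family=family)
    return report

def triage_directory(folder) -> list:
    """Batch mode: one report per file in a folder, in name order."""
    return [triage(p.read_bytes(), p.name) for p in sorted(Path(folder).iterdir()) if p.is_file()]

# Constructed stand-ins for real samples: they carry only the triage markers, no payload.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
              b"2 0 obj<</S/J#61vaScript/JS(app.alert(1))>>endobj\ntrailer<</Root 1 0 R>>")
SAMPLE_RTF = b"{\\rtf1{\\object\\objemb{\\*\\objdata 0105000002000000}}}"
SAMPLE_OLE = OLE_MAGIC + b"\x00" * 24 + "VBA".encode("utf-16-le") + b"\x00Attribut"

def build_ooxml(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/_rels/settings.xml.rels",
                    '<Relationship Target="http://example.invalid/t.dotm" TargetMode="External"/>')
        if with_macro:
            zf.writestr("word/vbaProject.bin", SAMPLE_OLE)
    return buf.getvalue()
```

Call `triage(SAMPLE_PDF, "a.pdf")` on a single blob or `triage_directory("samples/")` on a folder of samples. Two design points reflect the top-down method: the decision is made on content, never on the extension, and a flagged part (the `vbaProject.bin` inside a macro-enabled OOXML file) is fed back into the same triage as a document in its own right. Keyword counting on the raw byte stream is only the first branch of the tree: it misses objects inside compressed PDF object streams and obfuscated RTF control words, so a hit or a miss here decides which parser to open next, not whether the file is clean.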
Description
Attendees must bring a laptop with Python installed.
Since they will be handling real malware, a virtual machine in which to perform the analysis is recommended.
Windows, Linux and macOS are all suitable.
Didier will run the workshop inside a Windows VM.