Performing Malware Analysis on Malicious Documents

By Tyler Hudak
Malicious documents have become a form of malware that all incident responders need to be able to analyze. This course will teach you how to analyze malicious Adobe PDF and Microsoft Office documents, along with any malicious scripts they contain.
Start FREE course
Play course overview
Course info
Rating
(30)
Level
Intermediate
Updated
Jan 23, 2018
Duration
2h 59m
Table of contents
Course Overview
Course Overview 2m
Introduction and Setting up Your Lab
Introduction 3m Malicious Document Analysis 4m Summary 1m Virtual Machine Setup 7m
Performing Document Analysis
Conclusion 1m Introduction 1m Malicious Document Analysis Scenario 1m Malware and Static Analysis Review 3m Metadata 2m Pattern Analysis and Yara 5m Static Analysis Demo 10m
Analyzing PDF Documents
Conclusion 1m Demo 11m Introduction 1m PDF Analysis and Tools 4m PDF Keywords 2m PDF Objects 3m String and Data Encoding and Filters 4m
Performing JavaScript Analysis
Conclusion 1m Demo 9m Example Malicious JavaScript 3m Introduction 1m JavaScript Analysis Tools 3m Script Analysis Indicators 3m Script Obfuscation 7m
PDF Lab
Introduction 2m PDF Analysis Lab 7m Summary 1m
Analyzing Office Documents
Demo 6m Introduction 1m Microsoft Office Open XML Format Analysis 4m Microsoft Office Structured Storage Format Analysis 4m Office Document Attacks and Analysis 2m Summary 2m
Performing VBA Script Analysis
Accessing Macros in Microsoft Word 2m Demo 8m Introduction 1m Summary 1m VBA Analysis and Tools 7m
Quickly Analyzing Malicious Documents
Demo 7m Introduction 1m Lazy Office Analyzer 4m Summary 1m Using Debuggers During Analysis 3m
Office Document Lab
Introduction 1m Office Document Analysis Lab: Executing the Document 3m Office Document Analysis Lab: Extracting Data 7m Summary 2m
Analyzing Malicious Documents Recap
Analysis Tools and Tips 3m Document Analysis Summary 2m Looking Forward 2m Malicious Scripts 2m
Description
Course info
Rating
(30)
Level
Intermediate
Updated
Jan 23, 2018
Duration
2h 59m
Description

Hiding malware within documents has become one the main methods attackers use to compromise systems. In this course, Performing Malware Analysis on Malicious Documents, you will learn how to look at documents to determine if they contain malware, and if so, what that malware does. First, you will explore how to analyze malicious Adobe PDF and Microsoft Office documents. Next, you will discover how attackers obfuscate scripts within malicious documents, and how you can defeat that obfuscation to determine the script’s purpose. Finally, you will dive into the tools required to perform this analysis safely and quickly. When you’re finished with this course, you will have the skills and knowledge needed to perform malware analysis on malicious documents.

About the author
Tyler Hudak
About the author

Tyler Hudak has more than 15 years of experience performing malware analysis, computer forensics, and incident response for multiple organizations. He loves sharing the knowledge he has gained on these topics in his presentations and classes!

More from the author
Setting Up a Malware Analysis Lab
Intermediate
1h 25m
Nov 21, 2019
Malware Analysis and Detection: Trickbot
Intermediate
1h 29m
Nov 15, 2019
Hunting for Fileless Malware
Intermediate
1h 40m
Dec 18, 2018
More courses by Tyler Hudak
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Tyler Hudak, and welcome to my course, Performing Malware Analysis on Malicious Documents. I'm an incident responder that has a passion for analyzing malware in all its forms and have taught how to perform malware analysis for a number of years to hundreds of people. The number one topic I get requested to teach is analyzing malicious documents and with good reason. Documents are one of the primary ways attackers compromise systems with malware. In this course, we're going to learn how to analyze malicious documents to determine what they are doing to compromise a system. Some of the major topics that we'll cover include how to examine Adobe PDF and Microsoft Office documents, ways to get around malicious script obfuscation techniques, and the tools and techniques you can use to speed up your analysis. By the end of this course, you'll know how to safely determine if a document is malicious and how to figure out what it does to compromise a system. Before beginning the course, you should be familiar with basic malware analysis methodologies as taught in the Malware Analysis Fundamentals Pluralsight course. I hope you'll join me on this journey to learn how to analyze malicious documents with the Performing Malware Analysis on Malicious Documents course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT