Weaponized PDF - Payload Delivery Format

This article describes the PDF file format, related security issues and useful resources. [WORK IN PROGRESS] ...

November 10, 2017

VBA Macros Pest Control - THC 2017

Presentation at the Toulouse Hacking Convention 2017 (3rd March 2017) about Malicious VBA Macros: what they can do, how to analyze them, and how we can detect and block them before they hit end-users. Updated on the 24th August 2017 for the International Cyber Security Summer School.

August 24, 2017

iodeflib - a Python library to create, parse and edit IODEF incident reports

iodeflib is a Python library to create, parse and edit cyber incident reports using the IODEF v1 XML format (RFC 5070). ...

May 19, 2017

Tip: How to download thousands of MS Office files for testing

When developing tools related to MS Office files such as olefile and oletools, it is often necessary to test them on many different samples of various types and sizes. It is quite easy to find malicious samples using malwr.com, hybrid-analysis.com and VirusTotal, just to name a few (see my previous post about that topic). However, finding and downloading a large number of legitimate files is a different challenge. Here are some tips to do it: ...

April 19, 2017

How to find data hidden at the end of an OLE file

"Would it be possible to add a method to olefile that returns bytes that are appended to an OLE file? I have a sample that has encoded EXE appended." When Didier Stevens asked me that question some time ago, I thought it would be easy, a matter of minutes. Indeed, the OLE format (aka Microsoft Compound File Binary Format) is structured and well specified in MS-CFB. ...

March 28, 2017

Articles and presentations about Computer Security

Here is a list of all the articles and presentations I have published so far in the field of computer security. ...

March 3, 2017

My Python projects

Here is the list of open-source Python projects that I am maintaining or contributing to. ...

March 3, 2017

Tools to extract VBA Macro source code from MS Office Documents

This article presents several tools that can be used to extract VBA Macros source code from MS Office Documents, for malware analysis and forensics. It also provides an overview of how VBA Macros are stored. ...

February 7, 2017