olefile (formerly OleFileIO_PL) is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook MSG files, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc. ...
all my presentations and articles about cyber security
python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on my olefile parser. ...
Presentation at Black Hat Europe 2019, about malicious VBA Macros and recent advances in the attack and defense sides. ...
Presentation at the Toulouse Hacking Convention 2017 (3rd March 2017) about Malicious VBA Macros: what they can do, how to analyze them, and how we can detect and block them before they hit end-users. Updated on the 24th August 2017 for the International Cyber Security Summer School.
iodeflib is a python library to create, parse and edit cyber incident reports using the IODEF v1 XML format (RFC 5070). ...
Here is the list of open-source Python projects that I am maintaining or contributing to. ...
Since 2014, malicious macros are coming back. And their success in recent campaigns demonstrates that it is still an effective way to deliver malware, sixteen years after Melissa. This is a presentation that I gave to the SSTIC symposium in June 2015, translated to English. It explains what malicious macros can do, how their code can be obfuscated, and some of the anti-analysis tricks observed in recent cases. Then it shows several tools that can be used to analyze macros, including oledump and olevba. ...