Posted on 2022-10-03 by David Ledbetter
In this post, I want to cover an item called "CustomXMLParts". Looking the term up turns up several differing descriptions of what it is. In short, it is an XML container inside an Office document that stores arbitrary data for use by the document. Its intended purpose appears to be giving developers a way to change the formatting of an Office document in ways the standard parts do not already offer, or to add extra functionality.
Posted on 2022-09-21 by David Ledbetter
In this series of five files, we have seen the evolution of this loader as it steadily introduced new forms of obfuscation in both the VBA and the shellcode. We see that it uses Excel as well as Word documents. Since the files are zipped containers, there is no easy way to build detections against the compressed file: you cannot rely on the size of individual sections, because different compression ratios change the stored sizes.
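Both posts above come back to the same practical point: CustomXMLParts and the VBA project live inside an OOXML zip, so any detection has to look at the decompressed members, not at the container's byte counts. The script below is an added example (not code from either post, and not one of the five files discussed): it constructs a minimal macro-enabled document in memory, shows that the compressed size of the same part changes with the container's compression method while the decompressed size does not, and enumerates the CustomXMLParts (`customXml/itemN.xml`) and the `vbaProject.bin` stream. The part names and content types follow the OOXML conventions; the document contents themselves are constructed sample data.

```python
"""Inventory an OOXML container for CustomXMLParts and VBA storage.

Added example. The sample document below is constructed in memory and is
not one of the files analysed in the posts; only the part paths and
content types follow real OOXML layout.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample parts. The main part is the macro-enabled Word content
# type so that word/vbaProject.bin is a legitimate member of the package.
CONTENT_TYPES = b"""<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="xml" ContentType="application/xml"/>
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>
  <Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>
  <Override PartName="/customXml/itemProps1.xml" ContentType="application/vnd.openxmlformats-officedocument.customXmlProperties+xml"/>
</Types>"""
DOCUMENT_XML = b'<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>'
# Constructed stand-in for the OLE compound file that really holds the VBA project.
VBA_BLOB = b"\xd0\xcf\x11\xe0" + b"\x00" * 508
# Constructed CustomXMLPart: repetitive on purpose so that deflate shrinks it.
CUSTOM_XML = (b'<?xml version="1.0"?><store>'
              + b"".join(b'<entry id="%d">marker-%d</entry>' % (i, i) for i in range(40))
              + b"</store>")
ITEM_PROPS = (b'<?xml version="1.0"?><ds:datastoreItem ds:itemID="{00000000-0000-0000-0000-000000000000}" '
              b'xmlns:ds="http://schemas.openxmlformats.org/officeDocument/2006/customXml"/>')

# customXml/item1.xml is a data part; customXml/itemProps1.xml is its property part.
CUSTOM_XML_PART = re.compile(r"^customXml/item\d+\.xml$")


def build_sample(compression):
    """Return the bytes of the constructed .docm packed with the given zip method."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("word/vbaProject.bin", VBA_BLOB)
        z.writestr("customXml/item1.xml", CUSTOM_XML)
        z.writestr("customXml/itemProps1.xml", ITEM_PROPS)
    return buf.getvalue()


def member_sizes(data):
    """Map each member to (compressed size, decompressed size) from the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {i.filename: (i.compress_size, i.file_size) for i in z.infolist()}


def custom_xml_parts(data):
    """Decompress every CustomXMLPart and summarise its root element and text.

    Malformed XML is kept rather than dropped: a part that does not parse is
    still interesting to an analyst, so it is reported with its raw prefix.
    """
    parts = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not CUSTOM_XML_PART.match(name):
                continue
            raw = z.read(name)
            entry = {"part": name, "bytes": len(raw)}
            try:
                root = ET.fromstring(raw)
                entry["root"] = root.tag
                entry["text"] = "".join(root.itertext()).strip()
            except ET.ParseError as exc:
                entry["root"] = None
                entry["text"] = raw[:64].decode("latin-1")
                entry["error"] = str(exc)
            parts.append(entry)
    return parts


def has_vba_project(data):
    """True if the package carries a VBA project stream (Word, Excel or PowerPoint)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())


if __name__ == "__main__":
    for method, label in ((zipfile.ZIP_STORED, "stored"), (zipfile.ZIP_DEFLATED, "deflated")):
        doc = build_sample(method)
        comp, full = member_sizes(doc)["customXml/item1.xml"]
        print(f"{label}: customXml/item1.xml compressed={comp} decompressed={full}")
    doc = build_sample(zipfile.ZIP_DEFLATED)
    print("vbaProject.bin present:", has_vba_project(doc))
    for part in custom_xml_parts(doc):
        print(part["part"], part["root"], part["bytes"], part["text"][:40])
```

The central-directory sizes make the post's point concrete: `compress_size` for the same part differs between the stored and deflated packages, while `file_size` and the decompressed content are identical, so a rule keyed on the decompressed member survives a repack and a rule keyed on container offsets or sizes does not. Matching CustomXMLParts by path is a shortcut used here for brevity; a stricter inventory would follow the `customXml` relationship type from `word/_rels/document.xml.rels` (or the `xl/` equivalent) so that a part stored under an unusual name is not missed.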
Posted on 2022-09-16 by Pedram Amini
You can’t throw a rock these days without hitting a security threat intelligence feed. There is a veritable cornucopia of feeds provided by security solution vendors, vendors who focus solely on security research and, of course, public and open-source agencies. Here at InQuest, we harvest hundreds of internal/proprietary, public, and private third-party threat intel sources for insight into today's attack types, including sophisticated malware, ransomware, phishing lures, scams, fraud and other forms of malicious content.
Posted on 2022-09-14 by Pedram Amini
For years we’ve known that truly stopping cyber attackers means collecting every possible piece of data, organizing it so that people and machines can assimilate it, analyzing it, separating signal from noise, and taking corrective action without disrupting business continuity, all before calamity strikes. Let’s assume for a moment that we have this Utopian defense.
Posted on 2022-09-09 by Pedram Amini
Unless you live under a rock, you are well aware our industry is way short on cybersecurity workers. It’s been lamented for years and shows no signs of improvement. In fact, by one account, we’re short 3.5 million workers - we’ll be no further along even five years out. So what happens when there is a massive talent gap? Let’s look at our options. Well first, let’s just make it less attractive for attackers to play this game. That’s a fool’s errand.