This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.
General Approach
1. Locate potentially malicious embedded code.
2. Extract suspicious code segments from the file.
3. If relevant, disassemble and/or debug shellcode.
4. If relevant, deobfuscate and examine code.
5. Understand next steps in the infection chain.
Check the link above for the full details... very good information.
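Step 1 of the approach above, sketched as an added Python example (not code from the cheat sheet or from this post): a static triage pass that identifies the document container and flags signs of embedded active content without opening the file in its native application. The marker list, function names and sample bytes are assumptions constructed for illustration.

```python
import io
import re
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy DOC/XLS/PPT container
# PDF name objects that can trigger or carry active content.
PDF_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]

# Constructed sample: a tiny PDF-like body with one hex-escaped name (/J#53 == /JS).
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /JavaScript /J#53 (placeholder) >>\nendobj\n")


def pdf_hits(data):
    """Count risky PDF names after decoding #xx escapes used to hide keywords."""
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    hits = {}
    for name in PDF_NAMES:
        # The lookahead stops /JS from matching longer names such as /JSON.
        count = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", decoded))
        if count:
            hits[name.decode()] = count
    return hits


def triage(data):
    """Return (container_type, indicators) for a document passed as bytes."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: stream names in the OLE2 directory are stored as UTF-16LE.
        marker = "_VBA_PROJECT"
        return "ole2", [marker] if marker.encode("utf-16-le") in data else []
    if data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = [n for n in z.namelist()
                     if n.lower().endswith("vbaproject.bin") or "/embeddings/" in n.lower()]
        return "ooxml", parts
    if b"%PDF-" in data[:1024]:
        return "pdf", pdf_hits(data)
    return "unknown", []


if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
```

An empty indicator list only means none of these markers were found; compressed PDF object streams and encrypted documents need to be unpacked before a keyword pass sees their contents.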