In this video, I show how to analyze a malicious .doc document using only CyberChef. This is possible because the payload is a very long string that can be extracted without having to parse the structure of the .doc file with a tool like oledump.py.
I pasted the recipe on pastebin here.
Great content, Didier. I love CyberChef and it is always great to see how others approach building recipes. Perhaps you did it a certain way for others to follow, but if you double click on any item under Operations, it will add it to the Recipe, and if you double click while it is in the recipe, it removes it. Sometimes, drag and drop can be painful, and if you are adding to the end of the recipe, which is generally the case, this should make things a little bit easier. Cheers.
Comment by FB — Tuesday 19 January 2021 @ 5:36
Thanks for the tip!
Comment by Didier Stevens — Thursday 21 January 2021 @ 8:58
[…] Didier Stevens Video: Maldoc Analysis With CyberChef […]
Pingback by Week 4 – 2021 – This Week In 4n6 — Sunday 24 January 2021 @ 3:44