References for the article "Macros – Le retour de la revanche"

This page lists the references that accompany the article "Macros – Le retour de la revanche" (pp. 20-28), published in MISC no. 79 (May-June 2015 issue):

[CHANTRY] From the Labs: VBA is definitely not dead – in fact, it’s undergoing a resurgence, 2014-09-17, https://nakedsecurity.sophos.com/2014/09/17/vba-injectors/

[MS-OVBA] Office VBA File Format Structure v3.2, Microsoft, 2014-10-30, http://msdn.microsoft.com/en-us/library/office/cc313094%28v=office.12%29.aspx

[OpenXML] OpenOffice / OpenDocument and MS Office 2007 / Open XML security, Philippe Lagadec, 2007-10, http://www.decalage.info/opendocument_openxml

[OLEDUMP] http://blog.didierstevens.com/programs/oledump-py/

[OLEVBA] http://www.decalage.info/python/olevba

[XMLSPAM] "Remittance advice" spam has a mystery XML attachment, Conrad Longmore, 2015-03-04, http://blog.dynamoo.com/2015/03/remittance-advice-spam-has-mystery-xml.html

[STEVENS] Excel Exercises in Style, Didier Stevens, 2008-10-23, http://blog.didierstevens.com/2008/10/23/excel-exercises-in-style/

[SANDBOX] VBA Maldoc: We Don’t Want No Stinkin Sandbox/Virtual PC, Didier Stevens, 2015-03-11, http://blog.didierstevens.com/2015/03/11/vba-maldoc-we-dont-want-no-stinkin-sandboxvirtual-pc/

[CANTU] Potential Danger Risks Involved with Microsoft Excel VBA – Password Sniffers Key Loggers etc., Alex Cantu, 2013-03-24, https://www.youtube.com/watch?v=u9g8wf3-_ys

[OFFICEPARSER] officeparser, John William Davison, https://github.com/unixfreak0037/officeparser

[OLEDUMP-CONTRIB] https://bitbucket.org/decalage/oledump-contrib

[OLEVBA_DOC] https://bitbucket.org/decalage/oletools/wiki/olevba

[SSVIEW] Structured Storage Viewer, http://www.mitec.cz/ssv.html

[RKITTEN] oledump analysis of Rocket Kitten – Guest Diary by Didier Stevens, https://isc.sans.edu/diary/19137

[DRIDEX] Banking Trojan DRIDEX Uses Macros for Infection, http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/

[VAWTRAK] Vawtrak trojan spread through malicious Office macros, https://www.virusbtn.com/blog/2015/02_24.xml

[FIN4] FIN4: Stealing Insider Information for an Advantage in Stock Trading?, https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html

[ROVNIX] ROVNIX Infects Systems with Password-Protected Macros, http://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/

[OLETOOLS] http://www.decalage.info/python/oletools

[PYPARSING] http://pyparsing.wikispaces.com/