pts2024

Analysing malicious documents and files with oletools
2024-07-05, 09:55–10:30 (Europe/Paris), Amphitheater

oletools is an open-source project, developed since 2012, for analysing MS Office documents and, more generally, any file in the OLE/CFB (Compound File Binary) format, especially for malware analysis. oletools is used by many blue teamers and has also been integrated into a large number of malware analysis tools, platforms and online services.
In this talk I will demonstrate how to use oletools to analyse recent malware samples. I will also present the new features developed this year to analyse MSI and MSIX installers, as well as the specific file format identification algorithm used by the ftguess tool.

Senior cybersecurity and R&D engineer at Quarkslab since 2023. Previously a cybersecurity engineer at ESA, NATO and DGA.
Author of the open-source projects oletools, ViperMonkey, olefile, balbuzard and exefilter.