Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Obfuscated shellcode inside a malicious RTF document

All the collected blog posts from the members of our community, and some others
(i.e. both from <a href="http://www.woodmann.com/forum/blog.php">local</a> and external blogs, please let us know about any good external ones to import!). Feel free to discuss/comment any blog post in here.
Locked
My Infected Computer
Posts: 25
Joined: Sun Jun 16, 2013 5:42 pm
Contact:

Obfuscated shellcode inside a malicious RTF document

Post by My Infected Computer »

There are some nice tutorials about malicious Office documents around the web, but as far as I’ve seen so far I dealt an unusual *method to hide the shellcode. Great tools like OfficeMalScanner and others are unable to handle this particular scenario, so here is the story of my adventure inside this RTF file. The […]Image

http://zairon.wordpress.com/2014/03/06/ ... -document/
Locked