12 Days of Defense – Day 1: PDF and Office Doc Malware IOC Extraction

John Hubbard

In this video I show you how to extract a malicious URL from a PDF without opening it, how to spot a weaponized Office document, and a method to quickly deobfuscate PowerShell. Enjoy!

Links:
– REMnux: https://www.remnux.org
– PDF: https://app.any.run/tasks/0bf96bc2-041b-4918-9440-4fce9b160ae7/#
– Macro-enabled document: https://hybrid-analysis.com/sample/0aee2350aab11b452b864426d7e7f5735b06ed55c09429f0e0ab38015b8771ee?environmentId=100
===
My SANS courses:
– SEC450 – Blue Team Basics: https://sans.org/sec450
– MGT551 – Building and Leading Security Operations Centers: https://sans.org/mgt551

PDF Security Operations Guide: https://www.sans.org/security-resources/posters/cyber-defense/guide-security-operations-260
Blueprint Podcast: https://sans.org/blueprint-podcast
Twitter: https://twitter.com/SecHubb
