Reversing Malicious Office Document (Macro) Emotet(?)
OLEVBA - https://github.com/decalage2/oletools/wiki/olevba
1:58 - Extract Macro with olevba
2:40 - ExifTool to examine Document Metadata (Comments used in Macro)
3:48 - Examining Macro Code
4:21 - Using Python to explan Right(left))
7:20 - Opening ProcMon
9:07 - Why you should be careful when executing portions of "bad code"
9:55 - Viewing Macro's in Word and DeObfuscating by changing Shell to Print
12:17 - Start of Obfuscated Powershell (after de-base64)
13:21 - Malicious Powershell Code
15:15 - Upload to VirusTotal
16:51 - Looking at process explorer
20:21 - Looking at Wireshark
What You'll Learn
Reverses a malicious Office document using olevba and ExifTool
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from IppSec · IppSec · 10 of 60
1
2
3
4
5
6
7
8
9
▶
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
HHC2016 - Analytics
IppSec
HackTheBox - October
IppSec
HackTheBox - Arctic
IppSec
HackTheBox - Brainfuck
IppSec
HackTheBox - Bank
IppSec
HackTheBox - Joker
IppSec
HackTheBox - Lazy
IppSec
Camp CTF 2015 - Bitterman
IppSec
HackTheBox - Devel
IppSec
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
HackTheBox - Granny and Grandpa
IppSec
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
HackTheBox - Optimum
IppSec
HackTheBox - Charon
IppSec
HackTheBox - Sneaky
IppSec
HackTheBox - Holiday
IppSec
HackTheBox - Europa
IppSec
Introduction to tmux
IppSec
HackTheBox - Blocky
IppSec
HackTheBox - Nineveh
IppSec
HackTheBox - Jail
IppSec
HackTheBox - Blue
IppSec
HackTheBox - Calamity
IppSec
HackTheBox - Shrek
IppSec
HackTheBox - Mirai
IppSec
HackTheBox - Shocker
IppSec
HackTheBox - Mantis
IppSec
HackTheBox - Node
IppSec
HackTheBox - Kotarak
IppSec
HackTheBox - Enterprise
IppSec
HackTheBox - Sense
IppSec
HackTheBox - Minion
IppSec
VulnHub - Sokar
IppSec
VulnHub - Pinkys Palace v2
IppSec
HackTheBox - Inception
IppSec
Vulnhub - Trollcave 1.2
IppSec
HackTheBox - Ariekei
IppSec
HackTheBox - Flux Capacitor
IppSec
HackTheBox - Jeeves
IppSec
HackTheBox - Tally
IppSec
HackTheBox - CrimeStoppers
IppSec
HackTheBox - Fulcrum
IppSec
HackTheBox - Chatterbox
IppSec
HackTheBox - Falafel
IppSec
How To Create Empire Modules
IppSec
HackTheBox - Nightmare
IppSec
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
HackTheBox - Bart
IppSec
HackTheBox - Aragog
IppSec
HackTheBox - Valentine
IppSec
HackTheBox - Silo
IppSec
HackTheBox - Rabbit
IppSec
HackTheBox - Celestial
IppSec
HackTheBox - Stratosphere
IppSec
HackTheBox - Poison
IppSec
HackTheBox - Canape
IppSec
HackTheBox - Olympus
IppSec
HackTheBox - Sunday
IppSec
HackTheBox - Fighter
IppSec
HackTheBox - Bounty
IppSec
Related AI Lessons
⚡
⚡
⚡
⚡
Web3 Navigates Rising Cyber Threats Amidst Emerging Development Opportunities
Dev.to AI
The Fight For Decision Advantage 3D Physical Security Has Arrived
Forbes Innovation
Anthropic Built Mythos then pulled back. I’d Been Building the Same Idea since before and…
Medium · Cybersecurity
CVE-2026-42824 SearchLeak: How M365 Copilot Became a One-Click Data Exfiltration Tool
Dev.to AI
Chapters (12)
1:58
Extract Macro with olevba
2:40
ExifTool to examine Document Metadata (Comments used in Macro)
3:48
Examining Macro Code
4:21
Using Python to explan Right(left))
7:20
Opening ProcMon
9:07
Why you should be careful when executing portions of "bad code"
9:55
Viewing Macro's in Word and DeObfuscating by changing Shell to Print
12:17
Start of Obfuscated Powershell (after de-base64)
13:21
Malicious Powershell Code
15:15
Upload to VirusTotal
16:51
Looking at process explorer
20:21
Looking at Wireshark
🎓
Tutor Explanation
DeepCamp AI