Monday, September 14, 2009

OffVis 1.1 now available

A quick update on OffVis as September's toolsmith on the same topic begins to arrive in ISSA Journal subscriber's mailboxes.
MSRC Engineering Security Research & Defense has released OffVis 1.1, along with a detailed and insightful video (best viewed with IE) on the OLESS Office legacy binary file format.
The new release includes bug fixes, enhancements, and additional detected CVEs.
Download OffVis 1.1, watch the video, and read the article if you spend any time analyzing Office malware.
Cheers. | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)

1 comment:

Les Potter XALNIX said...

OffVis 1.1 is a nice tool, but has anyone yet reported the bug relating to the MiniFat? In a sample file I have, the MiniFat spans two sectors, namely 14 and 54. The Parser properly displays the first 128 MiniFat sector numbers but then gets confused there after. It tries to use sector 15 instead of 54.

toolsmith #133 - Anomaly Detection & Threat Hunting with Anomalize

When, in October and November 's toolsmith posts, I redefined DFIR under the premise of D eeper F unctionality for I nvestigators in R ...