Are you analyzing the malicious Office documents that your users dutifully send to you daily, or are you satisfied with just throwing them on VirusTotal and hoping for the best? In this talk I'll discuss why you should be manually analyzing ALL documents that make it through your email filters. You don't need a full-time malware analyst just to do some cursory investigation. In this talk I'll show you how to analyze malicious Office docs so you can quickly triage the threat. Are you blocking the delivery URLs? Does your A/V detect the second stage? Was this a targeted attack on your organization, or just a shotgun blast that you got caught in? I will present a methodology for getting quick information from the document, share some tools I've found which make the job easier, and introduce some quick wins to decrease your overall malware volume.
Doug Burns is the Swiss Army knife of infosec folks: lots of abilities, but he doesn't perform any of them as well as a specialist in the field. He holds several industry certifications and is currently pursuing a Master's in Cybersecurity and Information Assurance. He has worked for everything from Fortune 100 companies down to a 20-person ISP and everything in between. His primary interests lie in malware analysis, red teaming and security awareness.