Analyzing Shellcode – Finding the Entry Point Based Off Position Independence

Summary: The video walks through a method for locating the entry point of shellcode embedded in an RTF document that exploits CVE-2017-11882 (the Microsoft Office Equation Editor buffer overflow). Using several analysis tools, the presenter extracts the shellcode, finds its entry point by relying on the position-independent call/pop construct it uses, and then pulls out strings that indicate what the payload does.

Keypoints:

  • The video focuses on analyzing an RTF document that carries shellcode for CVE-2017-11882.
  • Uses tools such as HxD and rtfobj (from oletools) to examine the document's content and structure and to extract the embedded OLE object.
  • Identifies candidate entry points by searching the extracted bytes for call instructions with relative offsets, since position-independent shellcode uses a call followed by a pop to learn its own address.
  • Demonstrates wrapping the shellcode in a PE file so it can be loaded and analyzed with ordinary tooling.
  • Confirms the shellcode's execution path by running it under a debugger and observing the changes it makes once the exploit fires.
  • Extracts strings from the shellcode that point to download URLs and file paths.
  • Discusses the difficulty of building test environments for old vulnerabilities, since the affected software versions are hard to obtain.
  • Encourages viewers to engage by liking, subscribing, and sharing their thoughts in the comments.
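The entry-point search described in the keypoints can be automated. The scanner below is an added example, not code from the video or from Dr. Stroschein's channel: it walks a byte blob looking for `E8` (call rel32) whose target lands inside the blob on a 32-bit `pop` (`58`..`5F`), the call/pop idiom position-independent shellcode uses to find its own address, and then guesses the true entry (the call itself for `call $+5`, or the short `jmp` that precedes the `pop` in the jmp/call/pop variant). The `sample` bytes are constructed for illustration, not taken from the document in the video; the function and struct names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    size_t  call_off;  /* offset of the 0xE8 opcode */
    int32_t rel;       /* signed rel32 operand of the call */
    size_t  target;    /* call_off + 5 + rel, where the pop sits */
    int     self_call; /* 1 for call $+5 (rel == 0) */
} getpc_hit;

/* Constructed sample blob (not bytes from the video): a stray E8 whose
   target is outside the buffer, a call $+5 / pop ebx stub, and a
   jmp / pop / call-back stub followed by a string the pop will point at. */
static const uint8_t sample[] = {
    0x90, 0x90, 0x41, 0x42,
    0xE8, 0x10, 0x20, 0x30, 0x40,        /* E8 with out-of-range target: ignored  */
    0xE8, 0x00, 0x00, 0x00, 0x00, 0x5B,  /* call $+5 ; pop ebx          (offset 9)  */
    0x90, 0x90,
    0xEB, 0x03,                          /* jmp short +3 -> the call    (offset 17) */
    0x5E,                                /* pop esi   (call target)     (offset 19) */
    0x90, 0x90,                          /* stand-in for the body                  */
    0xE8, 0xF8, 0xFF, 0xFF, 0xFF,        /* call -8 -> pop esi          (offset 22) */
    'h', 't', 't', 'p', ':', '/', '/', 0x00
};
const size_t sample_len = sizeof sample;

/* Little-endian signed 32-bit read. */
static int32_t read_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}

/* Scan buf for call rel32 whose target is a pop r32 inside the buffer.
   Returns the number of hits written to out (at most max_hits). */
size_t find_getpc_stubs(const uint8_t *buf, size_t len,
                        getpc_hit *out, size_t max_hits) {
    size_t n = 0;
    for (size_t i = 0; i + 5 <= len && n < max_hits; i++) {
        if (buf[i] != 0xE8) continue;
        int32_t rel = read_le32(buf + i + 1);
        int64_t tgt = (int64_t)i + 5 + rel;
        if (tgt < 0 || tgt >= (int64_t)len) continue;  /* target leaves the blob */
        uint8_t op = buf[tgt];
        if (op < 0x58 || op > 0x5F) continue;           /* target is not pop r32 */
        out[n].call_off  = i;
        out[n].rel       = rel;
        out[n].target    = (size_t)tgt;
        out[n].self_call = (rel == 0);
        n++;
    }
    return n;
}

/* Best guess for where execution starts for a hit: the short jmp that sits
   right before the pop in the jmp/call/pop idiom (and jumps to the call),
   otherwise the call itself (the call $+5 form). */
size_t guess_entry(const uint8_t *buf, const getpc_hit *h) {
    if (!h->self_call && h->target >= 2 && buf[h->target - 2] == 0xEB) {
        size_t jmp_off = h->target - 2;
        int8_t disp = (int8_t)buf[jmp_off + 1];
        if ((int64_t)jmp_off + 2 + disp == (int64_t)h->call_off)
            return jmp_off;
    }
    return h->call_off;
}

int main(void) {
    getpc_hit hits[8];
    size_t n = find_getpc_stubs(sample, sample_len, hits, 8);
    for (size_t k = 0; k < n; k++)
        printf("call at 0x%zx rel %d -> pop at 0x%zx, try entry 0x%zx\n",
               hits[k].call_off, hits[k].rel, hits[k].target,
               guess_entry(sample, &hits[k]));
    return 0;
}
```

Each reported entry offset is a candidate, not a verdict: an `E8` inside a string or an address operand can pass the pop check by accident, which is why the video confirms the chosen offset in a debugger (and why wrapping the blob in a PE with that offset as the entry point makes the confirmation easy). Scanning a blob pulled out with rtfobj rather than the whole RTF also avoids false hits in the hex-encoded object data.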

Youtube Video: https://www.youtube.com/watch?v=aV5lI3QtExw
Youtube Channel: Dr Josh Stroschein – The Cyber Yeti
Video Published: Thu, 30 Jan 2025 19:00:01 +0000