Forum Discussion

Bronze I

24 days ago

Incident Response: Suspicious Email – Part 2 -Help Needed.

Hi, I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and getting the binaries for it. Any hel...

help & support

immersive labs

Sw33p

Bronze I

23 days ago

Hi there I managed to solve that Step by manually getting all the "DataDump" Decimalnumbers into one separate file then proceeding to change the Decimals to ASCII. With that you'll get a new file with partially readable Text.
I created a Pythonscript to change the Decimals to ASCII but I suspect oletools has the capability for this aswell, however I'm unfamiliar with them so I just scripted something. Maybe there is further oletools Labs which could provide the necessary background info.
Before this I used olevba to extract the Information of the Binary file.

Forum Discussion

Incident Response: Suspicious Email – Part 2 -Help Needed.

Featured Places

Help & Support Forum

Related Content

Incident Response and Forensics for EC2: Preparation

Incident Response: Suspicious Email – Part 3

Incident Response: Suspicious Email – Part 2

Incident Response Suspicious Email Part 2 last Question

Incident Response: P2 - stuck on Q11

Recent Discussions

Privilege Escalation: Windows – Automated Enumeration

Elastic Data Ingest: Ep.2 – Filebeat

Web server brute force authentication: Ep. 1 - Compromising an account

Google Cloud Basics: Ep.7 – Demonstrate Your Skills - Task 10

Credential Access: Using Hydra