[Bro] compressed file analyzer + docx files

Vlad Grigorescu vladg at illinois.edu
Fri Jan 6 08:56:11 PST 2017


erik clark <philosnef at gmail.com> writes:

> Has anyone given any thought as to the possibility of using a compressed
> file analyzer to open and detect embedded flash files in docx files, or
> macros in the same? I realize that that means we need a file analyzer
> first, but I have been thinking about alternate use cases for the analyzer,
> and this one sprung to mind...

Do you know what the format looks like? I took a crack at a zip file
analyzer a while back, but it turns out that the only authoritative data
is in the footer, so that doesn't work with incremental parsing.

  --Vlad
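
Added example, not part of the original message or of Bro's code: a minimal Python sketch of the footer dependence described in the reply above. It finds the end-of-central-directory record at the tail of a ZIP container and walks the central directory for member names. The sample archive is constructed in memory, the function names are hypothetical, and the member-name patterns are illustrative assumptions (ZIP64 and multi-disk archives are not handled).

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record (the ZIP footer)
CDH_SIG = b"PK\x01\x02"   # central directory file header

def central_directory_names(data: bytes) -> list:
    """Return member names from the central directory, located via the footer."""
    # The EOCD is 22 bytes plus a comment of up to 65535 bytes: search backwards.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 0xFFFF))
    if pos < 0 or pos + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = struct.unpack_from("<4sHHHHIIH", data, pos)
    names, p = [], cd_off
    for _ in range(total):
        if p + 46 > len(data) or data[p:p + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, p + 28)
        # The constructed sample uses ASCII names; replace anything undecodable.
        names.append(data[p + 46:p + 46 + name_len].decode("utf-8", "replace"))
        p += 46 + name_len + extra_len + comment_len
    return names

def suspicious_members(names: list) -> list:
    """Flag members by name (illustrative patterns, assumed for this example)."""
    patterns = ("vbaproject.bin", ".swf")
    return [n for n in names if n.lower().endswith(patterns)]

def build_sample_docx() -> bytes:
    """Constructed sample: a tiny ZIP laid out like a macro-bearing Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()

if __name__ == "__main__":
    blob = build_sample_docx()
    print(suspicious_members(central_directory_names(blob)))
    try:
        central_directory_names(blob[:-22])  # every member received, footer missing
    except ValueError as exc:
        print("incremental view:", exc)
```

The second call shows the streaming problem: with only the final 22 bytes missing, the directory cannot be located from the footer even though all member data has arrived.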
