REMnux
Tools
Peepdf
- Extract JS from a PDF into js_from_pdf.js using a config file
echo 'extract js > js_from_pdf.js' > extract_js.conf
peepdf -s extract_js.conf <file.pdf>
ViperMonkey (vmonkey)
- Detects malicious VBA macro code in documents.
vmonkey <file.doc>
Packed Binaries
- Can be identified via entropy or by the libraries they load
Volatility
- Cheat sheet
- Basic Info, find OS profile
volatility -f <file.iso> imageinfo
volatility -f <file.iso> kdbgscan
- Process list
volatility -f <file.iso> --profile <OSprofile> pslist
- List DLLs loaded by a process
volatility -f <file.iso> --profile <OSprofile> dlllist -p <PID>
- Last accessed directories
volatility -f <file.iso> --profile <OSprofile> shellbags