| 2023-05-07 | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-02-05 | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-01 | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2022-09-24 | Didier Stevens | Maldoc Analysis Info On MalwareBazaar |
| 2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-10 | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-09-09 | Didier Stevens | Maldoc With Decoy BASE64 |
| 2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-07-10 | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef |
| 2022-06-12 | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
| 2022-06-06 | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
| 2022-06-05 | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
| 2022-05-02 | Didier Stevens | Detecting VSTO Office Files With ExifTool |
| 2022-04-24 | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-10 | Didier Stevens | Video: Method For String Extraction Filtering |
| 2022-04-09 | Didier Stevens | Method For String Extraction Filtering |
| 2022-03-30 | Didier Stevens | Quickie: Parsing XLSB Documents |
| 2022-03-27 | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
| 2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-14 | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64 |
| 2021-10-03 | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs |
| 2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-22 | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444) |
| 2021-09-19 | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-18 | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-06-28 | Didier Stevens | CFBF Files Strings Analysis |
| 2021-02-28 | Didier Stevens | Maldocs: Protection Passwords |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection |
| 2021-02-21 | Didier Stevens | DDE and oledump |
| 2021-01-24 | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23 | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2021-01-18 | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09 | Didier Stevens | Maldoc Strings Analysis |
| 2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-12-15 | Didier Stevens | Analyzing FireEye Maldocs |
| 2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-10-31 | Didier Stevens | More File Selection Gaffes |
| 2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-08-31 | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3 |
| 2020-08-02 | Didier Stevens | Small Challenge: A Simple Word Maldoc |
| 2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-26 | Didier Stevens | Video: Malformed .docm File |
| 2020-04-18 | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files |
| 2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-14 | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ... |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-06 | Didier Stevens | Malicious XSL Files |
| 2019-07-05 | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms |
| 2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-05-01 | Didier Stevens | VBA Office Document: Which Version? |
| 2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits |
| 2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code |
| 2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis |
| 2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs |
| 2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents |
| 2019-01-11 | Didier Stevens | Quick Maldoc Analysis |
| 2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents |
| 2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example |
| 2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc |
| 2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit |
| 2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe |
| 2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed? |
| 2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe |
| 2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR |
| 2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with translate.py |
| 2018-09-30 | Didier Stevens | When DOSfuscation Helps... |
| 2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools |
| 2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-06-17 | Didier Stevens | Encrypted Office Documents |
| 2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet |
| 2018-01-28 | Didier Stevens | Is this a pentest? |
| 2018-01-20 | Didier Stevens | An RTF phish |
| 2018-01-02 | Didier Stevens | PDF documents & URLs: video |
| 2017-12-31 | Didier Stevens | Analyzing TNEF files |
| 2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files |
| 2017-12-24 | Didier Stevens | PDF documents & URLs: update |
| 2017-12-23 | Didier Stevens | Encrypted PDFs |
| 2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-18 | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17 | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-09 | Didier Stevens | Sometimes it's a dud |
| 2017-11-06 | Didier Stevens | Metasploit's Maldoc |
| 2017-11-05 | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04 | Didier Stevens | PDF documents & URLs |
| 2017-09-10 | Didier Stevens | It is a resume - Part 3 |
| 2017-08-20 | Didier Stevens | It's Not An Invoice ... |
| 2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
| 2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed |
| 2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc |
| 2017-07-15 | Didier Stevens | Office maldoc + .lnk |
| 2017-07-10 | Didier Stevens | Basic Office maldoc analysis |
| 2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News |
| 2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation |
| 2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass |
| 2017-02-26 | Didier Stevens | CRA Maldoc Analysis |
| 2016-12-24 | Didier Stevens | Pinging All The Way |
| 2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-12-05 | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-11-12 | Didier Stevens | VBA Shellcode and EMET |
| 2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-09-26 | Didier Stevens | VBA and P-code |
| 2016-08-06 | Didier Stevens | rtfdump |
| 2016-07-30 | Didier Stevens | rtfobj |
| 2016-07-29 | Didier Stevens | Malicious RTF Files |
| 2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-03-29 | Didier Stevens | VBE: Encoded VBS Script |
| 2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc |
| 2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper |
| 2015-12-26 | Didier Stevens | Malfunctioning Malware |
| 2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick |
| 2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader! |
| 2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2 |
| 2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So... |
| 2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
| 2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin |
| 2015-03-30 | Didier Stevens | YARA Rules For Shellcode |
| 2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |
