tag:blogger.com,1999:blog-6803479147531086040.post7016356019000791584..comments2020-05-24T05:42:02.641-07:00Comments on tHEMbITS: Loffice - Analyzing malicious documents using WinDbgAnonymoushttp://www.blogger.com/profile/17658714840850871714noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6803479147531086040.post-30846665385817654222016-08-18T03:45:41.777-07:002016-08-18T03:45:41.777-07:00thanksthanksMotasem Hamdanhttps://www.blogger.com/profile/15043621836803436440noreply@blogger.comtag:blogger.com,1999:blog-6803479147531086040.post-68065942555661188952016-06-06T09:47:43.045-07:002016-06-06T09:47:43.045-07:00Glad that its of use. Do I understand you correctl...Glad that its of use. Do I understand you correctly about launching Powershell from Office documents? This is covered as launching Powershell from an Office macro would call CreateProcess. In such case you would get the commandline used for launching Powershell, such as the long base64-encoded Powershell script commonly seen.Anonymoushttps://www.blogger.com/profile/17658714840850871714noreply@blogger.comtag:blogger.com,1999:blog-6803479147531086040.post-78602319864749355672016-06-06T09:32:04.515-07:002016-06-06T09:32:04.515-07:00Thank you so much. This is exceptional useful. Hav...Thank you so much. This is exceptional useful. Have you think about office with Powershell command? can we use WinDbg in this case?peterhttps://www.blogger.com/profile/08942529259605567160noreply@blogger.com