Description: In this video, Matt Graeber talks about parsing binary file formats with PowerShell.
Why parse binary file formats?
Malware analysis: you need the ability to compare a malicious or malformed file against known good files.
Fuzzing: you want to generate thousands or millions of malformed files of a certain format in order to stress test or find vulnerabilities in programs that open that file format.
Curiosity: you simply want to gain an understanding of how a piece of software interprets a particular file format.
Why use PowerShell to parse binary file formats?
Once parsed, file formats can be represented as objects. Objects can be inspected, analyzed, and/or manipulated with ease, and their output can be passed to other functions, cmdlets, or scripts for further processing.
Automation! Once a parser is written, you can parse a large number of files, quickly perform analysis, and gather statistics on a large collection of files.
Example: you could parse all known good files of a given format on a clean system, take a baseline of known good values, and use that baseline as a heuristic to determine whether an unknown file is potentially malicious or malformed.
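The baseline idea above, worked through as an added PowerShell example (this is not code from the talk or its slides): the first 64 bytes of a PE file (the documented IMAGE_DOS_HEADER layout) are parsed into a PSCustomObject, a per-field baseline is collected from several constructed "known good" headers, and a constructed suspect header is checked against it. All byte arrays are built inline; the function names and the choice of fields are this example's own.

```powershell
# Added example (not from the talk): parse IMAGE_DOS_HEADER into an object, build a
# baseline from known-good headers, and report fields of an unknown header that
# fall outside the baseline. Byte arrays are constructed here; for a real file use
# [IO.File]::ReadAllBytes($Path) to obtain the input bytes.

function ConvertTo-DosHeader {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    if ($Bytes.Length -lt 64) { throw "IMAGE_DOS_HEADER needs 64 bytes, got $($Bytes.Length)" }

    # Offsets follow the documented IMAGE_DOS_HEADER layout; all integers are little-endian.
    [PSCustomObject]@{
        e_magic   = [System.Text.Encoding]::ASCII.GetString($Bytes, 0, 2)  # 'MZ' in a valid header
        e_cblp    = [BitConverter]::ToUInt16($Bytes, 2)
        e_cp      = [BitConverter]::ToUInt16($Bytes, 4)
        e_cparhdr = [BitConverter]::ToUInt16($Bytes, 8)
        e_lfarlc  = [BitConverter]::ToUInt16($Bytes, 24)  # relocation table offset, 0x40 in typical PEs
        e_lfanew  = [BitConverter]::ToInt32($Bytes, 60)   # file offset of the 'PE\0\0' signature
    }
}

function New-DosHeaderBytes {
    # Helper that builds a constructed 64-byte header from a few field values.
    param([string]$Magic = 'MZ', [uint16]$Lfarlc = 0x40, [int]$Lfanew = 0x80)
    $b = New-Object byte[] 64
    [System.Text.Encoding]::ASCII.GetBytes($Magic).CopyTo($b, 0)
    [BitConverter]::GetBytes($Lfarlc).CopyTo($b, 24)
    [BitConverter]::GetBytes($Lfanew).CopyTo($b, 60)
    Write-Output -NoEnumerate $b   # return the array as one object, not 64 bytes
}

function Get-DosHeaderBaseline {
    # Baseline = for each field, the set of distinct values seen across known-good headers.
    param([Parameter(Mandatory)][object[]]$KnownGood)
    $baseline = @{}
    foreach ($prop in $KnownGood[0].PSObject.Properties.Name) {
        $baseline[$prop] = @($KnownGood | ForEach-Object { $_.$prop } | Sort-Object -Unique)
    }
    $baseline
}

function Test-DosHeaderAgainstBaseline {
    # Emit one object per field whose value was never observed in the baseline.
    param(
        [Parameter(Mandatory)][PSCustomObject]$Header,
        [Parameter(Mandatory)][hashtable]$Baseline
    )
    foreach ($prop in $Header.PSObject.Properties.Name) {
        $value = $Header.$prop
        if ($Baseline[$prop] -notcontains $value) {
            [PSCustomObject]@{
                Field     = $prop
                Observed  = $value
                KnownGood = ($Baseline[$prop] -join ', ')
            }
        }
    }
}

# Constructed "known good" headers with e_lfanew values typical of compiler-produced binaries.
$knownGood = @(
    (ConvertTo-DosHeader (New-DosHeaderBytes -Lfanew 0x80)),
    (ConvertTo-DosHeader (New-DosHeaderBytes -Lfanew 0xF8)),
    (ConvertTo-DosHeader (New-DosHeaderBytes -Lfanew 0x100))
)
$baseline = Get-DosHeaderBaseline -KnownGood $knownGood

# Constructed suspect header: relocation offset zeroed and e_lfanew far beyond any normal DOS stub.
$suspect = ConvertTo-DosHeader (New-DosHeaderBytes -Lfarlc 0 -Lfanew 0x7FFF0000)
Test-DosHeaderAgainstBaseline -Header $suspect -Baseline $baseline | Format-Table -AutoSize
```

Because each parsed header is an ordinary object, the same pipeline scales to a directory of files: pipe Get-ChildItem through ReadAllBytes and ConvertTo-DosHeader, feed the results to Get-DosHeaderBaseline once, and then test new files against the saved baseline. A set-membership baseline is deliberately simple; for fields that legitimately vary (e_lfanew in particular) a range or frequency threshold will produce fewer false positives than exact-value matching.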
Slides: http://www.exploit-monday.com/2013/03/ParsingBinaryFileFormatsWithPowerShell.html
Tags: powershell, binary, malware, analysis
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.