Posts

How to detect CVE-2026-21509 exploits
How to detect malicious documents exploiting the MS Office vulnerability CVE-2026-21509
olefile - a Python module to read/write MS OLE2 files
olefile (formerly OleFileIO_PL) is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook MSG files, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc....
My presentations and articles about cyber security
All my presentations and articles about cyber security
oletools - python tools to analyze OLE and MS Office files
python-oletools is a package of Python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on my olefile parser. ...
Portable ExeFilter
If you want to test or use ExeFilter on Windows but you cannot or you do not want to install a Python interpreter, Portable ExeFilter is a simple solution. You just need to unzip it in any folder on a hard drive or a USB stick and it should run anywhere....
Advanced VBA Macros Attack & Defence - Black Hat Europe 2019
Presentation at Black Hat Europe 2019, about malicious VBA Macros and recent advances in the attack and defense sides....
Tip - How to use pip, git and PyCharm behind a proxy
Sometimes I need to use pip, git, twine and PyCharm behind a proxy, and I have to look up how to configure them. Here's a quick cheat sheet:

pip

The proxy needs to be provided on the command line each time you run pip, as follows:

pip install --proxy http://proxyserver:port <package>

If you need authentication:

pip install --proxy http://user:password@proxyserver:port <package>

git

The proxy can be set in the configuration using this command:...