Kwelwild Posted April 5, 2013

Description: In this video Matt Graeber talks about Parsing Binary File Formats with PowerShell.

Why parse binary file formats?

Malware Analysis: You need the ability to compare a malicious/malformed file against known good files.
Fuzzing: You want to generate thousands or millions of malformed files of a certain format in order to stress test or find vulnerabilities in programs that open that particular file format.
Curiosity: You simply want to gain an understanding of how a piece of software interprets a particular file format.

Why use PowerShell to parse binary file formats?

Once parsed, file formats can be represented as objects.
Objects can be inspected, analyzed, and/or manipulated with ease.
Its output can be passed to other functions/cmdlets/scripts for further processing.
Automation! Once a parser is written, you can analyze a large number of file formats, quickly perform analysis, and gather statistics on a large collection of files.
Example: You could analyze all known good file formats on a clean system, take a baseline of known good and use that as a heuristic to determine if an unknown file is potentially malicious or malformed.

Slide: http://www.exploit-monday.com/2013/03/ParsingBinaryFileFormatsWithPowerShell.html

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Original Source:
Source: Parsing Binary File Formats With PowerShell
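The "parse into objects, then baseline" idea from the description above, as an added example that is not part of the original post or of the talk's own code. It assumes the PE format as the file format of interest; the function name `Get-PEHeaderInfo` and the System32 baseline directory are illustrative choices.

```powershell
# Added example. Get-PEHeaderInfo is a hypothetical name, not code from the talk.
function Get-PEHeaderInfo {
    [CmdletBinding()]
    param(
        # Binds to the FullName property of Get-ChildItem output.
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        try { $stream = [System.IO.File]::OpenRead($Path) }
        catch { Write-Warning "Cannot open ${Path}: $_"; return }
        $reader = New-Object System.IO.BinaryReader($stream)
        try {
            # IMAGE_DOS_HEADER is 64 bytes and starts with 'MZ' (0x5A4D little-endian).
            if ($stream.Length -lt 64 -or $reader.ReadUInt16() -ne 0x5A4D) { return }
            $stream.Position = 0x3C                  # e_lfanew: file offset of the PE header
            $peOffset = [long]$reader.ReadUInt32()
            # Reject offsets that would put signature + COFF header past end of file.
            if ($peOffset + 24 -gt $stream.Length) { return }
            $stream.Position = $peOffset
            if ($reader.ReadUInt32() -ne 0x00004550) { return }   # 'PE\0\0'
            # IMAGE_FILE_HEADER (COFF header), 20 bytes, read in field order.
            $machine   = $reader.ReadUInt16()
            $sections  = $reader.ReadUInt16()
            $timestamp = $reader.ReadUInt32()
            $null      = $reader.ReadBytes(8)        # PointerToSymbolTable, NumberOfSymbols
            $optSize   = $reader.ReadUInt16()
            $flags     = $reader.ReadUInt16()
            [PSCustomObject]@{
                Path                 = $Path
                Machine              = '0x{0:X4}' -f $machine
                NumberOfSections     = $sections
                TimeDateStamp        = [DateTimeOffset]::FromUnixTimeSeconds($timestamp).UtcDateTime
                SizeOfOptionalHeader = $optSize
                IsDll                = [bool]($flags -band 0x2000)   # IMAGE_FILE_DLL
            }
        }
        finally { $reader.Dispose() }   # also closes the underlying stream
    }
}

# Baseline over a directory assumed to be known good: how common is each header shape?
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.dll -File |
    Get-PEHeaderInfo |
    Group-Object Machine, NumberOfSections |
    Sort-Object Count -Descending
```

Files that fail the signature or bounds checks produce no object, so comparing the input file count with the output count shows how many files in the set were not well-formed PE images.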