I published the following diary on isc.sans.edu: “XLSB Files: Because Binary is Stealthier Than XML“:
In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one… What’s the magic behind this file extension? “XLS” means that we are facing an Excel sheet and “B” means that we have a binary workbook file. Within the current Microsoft office files format, data are stored in XML. In this case, they are stored in binary. For Microsoft Office, to open a normal or binary file is the same… but for an attacker, the plus-value is the increased level of obfuscation! Indeed, it’s more difficult to extract interesting information like… [Read more]