Back for week 2 of the Metaspike weekly CTF. This week we’ve been given an MSG file containing correspondence between two colleagues.

I tried to do this one with entirely free tools again, but there’s a minor caveat that you do need access to Outlook to get the full MSG parsing experience. If you'd like to play along, the challenge has been archived here. Please let me know if there’s a way to do this without Outlook!

I opened the email with Mailraider Pro, which worked fine for viewing the contents, attachment, and the email headers. Unfortunately, the limitation here is that the free tools that I’ve played with generally don’t show you the extended MAPI headers. In some instances they even truncate the headers, so YMMV.

MSG format, which we know to be an OLE file. We can read more about the MSG format specification here. As we know it’s an OLE file, we can use OLE parsing tools, such as Didier Stevens’ oledump, to extract specific streams (it even has a specific MSG plugin). The downside of this is that we don’t necessarily know what the streams actually represent, which is why we want to use a tool that presents the headers with their correct names.

Enter OutlookSpy. This add-on for Outlook will allow you to view the hidden secrets stored within.

What this means for our analysis is that we need to add the OutlookSpy add-on (and enable it in Preferences), and then import the email into Outlook. It’s probably a good idea to create a new PST rather than merge it all into your actual Outlook, but for testing purposes whatever works.
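
On the point above about OLE tools listing streams without saying what they represent: in an MSG file each `__substg1.0_` stream name encodes a MAPI property ID and type, so a listing can be labelled from a lookup table. The sketch below is an added example, not code from the original post, oledump or OutlookSpy; the stream paths are constructed samples and the name table is a small subset of MS-OXPROPS.

```python
import re

# Subset of well-known property IDs from MS-OXPROPS; extend as needed.
PROP_NAMES = {
    0x001A: "PidTagMessageClass",
    0x0037: "PidTagSubject",
    0x007D: "PidTagTransportMessageHeaders",
    0x0C1A: "PidTagSenderName",
    0x0C1F: "PidTagSenderEmailAddress",
    0x0E04: "PidTagDisplayTo",
    0x1000: "PidTagBody",
    0x1035: "PidTagInternetMessageId",
    0x3701: "PidTagAttachDataBinary",
    0x3707: "PidTagAttachLongFilename",
}
PROP_TYPES = {0x001E: "PtypString8", 0x001F: "PtypString", 0x0102: "PtypBinary"}
MULTI_VALUE = 0x1000  # flag bit marking a multi-valued property type

# Stream name: __substg1.0_ + 4 hex digits of ID + 4 of type (+ -index if multi-valued)
SUBSTG = re.compile(r"__substg1\.0_([0-9A-F]{4})([0-9A-F]{4})(-[0-9A-F]{8})?$", re.I)

def describe_stream(path):
    """Return (property name, type name) for a __substg1.0_ stream, else None."""
    m = SUBSTG.match(path.rsplit("/", 1)[-1])
    if m is None:
        return None  # e.g. __properties_version1.0, which holds fixed-size values
    prop_id, prop_type = int(m.group(1), 16), int(m.group(2), 16)
    if prop_id >= 0x8000:
        # Named property: the ID is local to this file and is mapped to its
        # real name or GUID in the __nameid_version1.0 storage.
        name = "named property 0x%04X (see __nameid_version1.0)" % prop_id
    else:
        name = PROP_NAMES.get(prop_id, "unknown 0x%04X" % prop_id)
    base = PROP_TYPES.get(prop_type & ~MULTI_VALUE, "0x%04X" % prop_type)
    return name, ("multiple " + base) if prop_type & MULTI_VALUE else base

# Constructed sample paths, shaped like an OLE stream listing of an MSG file.
SAMPLE_STREAMS = [
    "__properties_version1.0",
    "__substg1.0_0037001F",
    "__substg1.0_007D001F",
    "__substg1.0_8005001F",
    "__substg1.0_8010101F-00000000",
    "__attach_version1.0_#00000000/__substg1.0_37010102",
]

if __name__ == "__main__":
    for stream in SAMPLE_STREAMS:
        print(stream, "->", describe_stream(stream))
```

IDs of 0x8000 and above are where an unlabelled listing stops being readable, because the same ID can mean different things in different files.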