This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 4.3 of Malicious Web & Document Files
How attackers deliver malicious payloads through legitimate-looking HTML files that assemble the payload inside the browser, bypassing perimeter filters. Covers the technique, NOBELIUM and Lazarus campaigns, and defender visibility gaps.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Video content coming soon.
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
Microsoft: HTML Smuggling — NOBELIUM Campaign
Microsoft's primary documentation of NOBELIUM using HTML smuggling to deliver ISO-based payloads in 2021.
Elastic: HTML Smuggling Detection
Technical breakdown of HTML smuggling mechanics with detection rule examples.
CyberChef
Use From Base64 + Magic to decode the embedded payload from a smuggling sample.
Quadrant 4 · Self-Assessment
Malicious Web & Document Files
Covers drive-by download attacks, JavaScript de-obfuscation, malicious PDF analysis, RTF exploitation, and Microsoft Office macro malware.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.