Module 6: Dissecting Malicious Documents: PDFs & Office Macros
Email-borne documents are still the easiest way into an enterprise, so an analyst must tear them apart quickly and safely. In this module, you first learn the anatomy of PDFs (objects, actions, and embedded JavaScript), then tackle a historic yet instructive Adobe Reader exploit, carving out the payload byte-by-byte. Shifting to Office files, you explore VBA macros, enumerate suspicious modules, and trace obfuscated code that injects shellcode straight into memory. By the end, you’ll wield a toolkit and workflow for spotting, extracting, and neutralising malicious document payloads long before a victim can click “Enable Content.”
5 Lessons