Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

YARA Rules for Office Maldocs
Obfuscated Maldoc: Reversed BASE64
Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
Phishing ZIP With Malformed Filename

Recent Comments

	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA
	Overview of Content… on Analyzing .DWG Files With Embe…

Archives

Categories

howto
malware
my software
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

Comment

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions

Tools: 1768.py, cs-decrypt-metadata.py

Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py

ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Comment

November 7, 2021 Didier Stevens

Phishing ZIP With Malformed Filename

Tool: zipdump.py

ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename

Comment

October 31, 2021 Didier Stevens

Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key

Network capture: 2021-02-02 – QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT

Tools: cs-decrypt-metadata.py, cs-parse-http-traffic.py, 1768.py

Blog posts: Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1, Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2, Decrypting Cobalt Strike Traffic With a “Leaked” Private Key

Comment

October 31, 2021 Didier Stevens

CVE-2021-40444 Maldocs: Extracting URLs

Samples: ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a and 679bbe0c50754853978a3a583505ebb99bce720cf26a6aaf8be06cd879701ff1

Tools: zipdump.py, re-search.py and xmldump.py

ISC diary entry: Simple Analysis Of A CVE-2021-40444 .docx Document

Comment

October 4, 2021 Didier Stevens

Strings Analysis: VBA & Excel4 Maldoc

Tools: CyberChef

Sample: 2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b

ISC Diary Entry: Strings Analysis: VBA & Excel4 Maldoc

Comment

October 2, 2021 Didier Stevens

Simple Analysis Of A CVE-2021-40444 .docx Document

Samples: ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a and 679bbe0c50754853978a3a583505ebb99bce720cf26a6aaf8be06cd879701ff1

Tools: zipdump.py, re-search.py and xmldump.py

ISC diary entry: Simple Analysis Of A CVE-2021-40444 .docx Document

Comment

September 19, 2021 Didier Stevens

My YouTube Playlists

I started to create YouTube playlists for my videos.

Comment

August 19, 2021August 18, 2021 Didier Stevens

Posts navigation

← Older posts

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Follow Following
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website