Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Extracting Information From “logfmt” Files With CyberChef
PNG + mimikatz.exe
PNG Analysis
Analysis of a Malicious HTML File (QBot)
Grep & Tail -f With Notepad++

Recent Comments

	Mike Michalko on James Webb JPEG With Malw…
	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA

Archives

Categories

howto
malware
my software
Networking
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

Month: November 2021

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

Comment

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions

Tools: 1768.py, cs-decrypt-metadata.py

Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py

ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Comment

November 7, 2021 Didier Stevens

Blog at WordPress.com.

Follow Following
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.