Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Decoding Obfuscated BASE64 Statistically
RTF & ms-msdt & Preview Pane
Maldoc .DOCX MSDT Inside Sandbox
Office Protects You From Malicious ISO Files
Method For String Extraction Filtering

Recent Comments

	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA
	Overview of Content… on Analyzing .DWG Files With Embe…

Archives

Categories

howto
malware
my software
Networking
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

Author: Didier Stevens

YARA’s Console Module

Tools: YARA release candidate 1 for version 4.2.0

ISC Diary Entry: YARA’s Console Module

Comment

March 9, 2022March 9, 2022 Didier Stevens

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

Comment

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions

Tools: 1768.py, cs-decrypt-metadata.py

Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py

ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Comment

November 7, 2021 Didier Stevens

Phishing ZIP With Malformed Filename

Tool: zipdump.py

ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename

Comment

October 31, 2021 Didier Stevens

Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key

Network capture: 2021-02-02 – QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT

Tools: cs-decrypt-metadata.py, cs-parse-http-traffic.py, 1768.py

Blog posts: Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1, Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2, Decrypting Cobalt Strike Traffic With a “Leaked” Private Key

Comment

October 31, 2021 Didier Stevens

CVE-2021-40444 Maldocs: Extracting URLs

Samples: ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a and 679bbe0c50754853978a3a583505ebb99bce720cf26a6aaf8be06cd879701ff1

Tools: zipdump.py, re-search.py and xmldump.py

ISC diary entry: Simple Analysis Of A CVE-2021-40444 .docx Document

Comment

October 4, 2021 Didier Stevens

Strings Analysis: VBA & Excel4 Maldoc

Tools: CyberChef

Sample: 2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b

ISC Diary Entry: Strings Analysis: VBA & Excel4 Maldoc

Comment

October 2, 2021 Didier Stevens

Simple Analysis Of A CVE-2021-40444 .docx Document

Samples: ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a and 679bbe0c50754853978a3a583505ebb99bce720cf26a6aaf8be06cd879701ff1

Tools: zipdump.py, re-search.py and xmldump.py

ISC diary entry: Simple Analysis Of A CVE-2021-40444 .docx Document

Comment

September 19, 2021 Didier Stevens

Posts navigation

← Older posts

Newer posts →

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Follow Following
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website