Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Simple Analysis Of A CVE-2021-40444 .docx Document
My YouTube Playlists
CyberChef: BASE85 Decoding
Adding BASE85 To base64dump.py
oledump Cheat Sheet

Recent Comments

	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA
	Overview of Content… on Analyzing .DWG Files With Embe…

Archives

Categories

howto
malware
my software
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

Author: Didier Stevens

Decoding Cobalt Strike Traffic

Tools: parse-cs-http-traffic.py, 1768.py, pecheck.py and pybeacon.

ISC diary entry: Decoding Cobalt Strike Traffic

Comment

April 18, 2021April 18, 2021 Didier Stevens

YARA and CyberChef: ZIP

Tools: CyberChef.

ISC diary entry: YARA and CyberChef: ZIP

Comment

April 18, 2021 Didier Stevens

YARA and CyberChef

Tools: CyberChef.

ISC diary entry: YARA and CyberChef

Comment

April 18, 2021April 18, 2021 Didier Stevens

Finding Metasploit & Cobalt Strike URLs

Tools: metatool.py.

ISC diary entry: Finding Metasploit & Cobalt Strike URLs

Comment

March 21, 2021 Didier Stevens

oledump and YARA DDE Rules

Tools: oledump.py, YARA.

NVISO blog post: Detecting DDE in MS Office documents

ISC diary entry: DDE and oledump

Comment

February 21, 2021 Didier Stevens

tshark & Malware Analysis

Tools: Wireshark, base64dump.py, 1768.py.

ISC diary entry: Video: tshark & Malware Analysis

Comment

February 15, 2021 Didier Stevens

pdftool.py: Incremental Updates

Tool: pdftool.py

Blog posts: Solving a Little PDF Puzzle, Shoulder Surfing a Malicious PDF Author, New Tool: pdftool.py.

Comment

January 30, 2021January 31, 2021 Didier Stevens

Decoding a Payload Using a Dynamic XOR Key

Tool: XORSelection.1sc

Sample: 8f4654952833b7d7b7db02ca7cb6c2f6cb9c3c545dc51124b0f18588b3c4e1c0

Blog post: Update: XORSelection.1sc Version 6.0

If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.

Comment

January 27, 2021January 28, 2021 Didier Stevens

Doc & RTF Malicious Document

Tools: strings.py, oledump.py, zipdump.py, re-search.py, rtfdump.py and shellcode emulator scdbg.

Samples: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b, 5c3d12b29a1bb9fb775bb6d862a32ae8e89af943b6337c71fe2268dee70055e9

ISC diary entry: Doc & RTF Malicious Document

Comment

January 26, 2021 Didier Stevens

CyberChef: Analyzing OOXML Files for URLs

Tools: CyberChef

CyberChef Recipe: here

Sample: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b

ISC diary entry: Doc & RTF Malicious Document

Comment

January 22, 2021January 22, 2021 Didier Stevens

Posts navigation

← Older posts

Newer posts →

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website