Author: Didier Stevens
YARA Registry Scanner
RegistryScanner-beta.zip (https)
MD5: 5D05A681A5F3C51B61EE1D73BF76286B
SHA256: 6117206A039DA6248167506EA7AC42262F2AF58D2864EF11AEF433C77397D5FF
oledump With Plugins: Malicious Word Document Analysis
oledump_V0_0_2.zip (https)
MD5: B493FAB9AC85749D49C4E1843BE19961
SHA256: 27386E61E0B4744EB9363040649B53488DA9139B7C33AFAC6E329F8C777DAD1B
Excel: Privilege Escalation (CVE-2014-4113 MS14-058) & Mimikatz
Excel: Example of Privilege Escalation – CVE-2014-4113 MS14-058
Malicious Word Document Analysis
I’m showing how to analyze a malicious Word document (macro malware) without Microsoft technology.
Here is the regular expression I used: “((ChrW\(\d+\)(\s*&\s*)?)+)”.
Cisco ROMMON Priv Mode
Showing on a Cisco IOS router how to break into ROMMON, go to priv mode, dump and alter memory and cause a system crash.
PDF Creation – Public Tools
As a preview to an upcoming video on creating PDFs with my private tools, here is a video showing my public tools.
count.py
A tool to count.
count_v0_1_0.zip (https)
MD5: B96B5ECF9361D44D9366071C9C07FF86
SHA256: 102F346529F34C0EF932ADC3D3CF003ADBA2DFCD8BCE23DBF36425A555345DB5
oledump.py beta
After Tweeting about a new tool I’m working on to analyze MS Office files, some people expressed interest in testing the tool. So here is a beta.
oledump-beta.zip (https)
MD5: 6B2F81410C9DB409E55A05AEB2E8342B
SHA256: E80244C87E11E516F5D7245224828BA15C4079EFE16582FE785D6E307C04B657