Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Reversing A Network Protocol
Extracting Information From “logfmt” Files With CyberChef
PNG + mimikatz.exe
PNG Analysis
Analysis of a Malicious HTML File (QBot)

Recent Comments

	Mike Michalko on James Webb JPEG With Malw…
	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA

Archives

Categories

howto
malware
my software
Networking
Science
technology
Uncategorized
video

Meta

Create account
Log in
Entries feed
Comments feed
WordPress.com

howto

Maldoc: non-ASCII VBA Identifiers

Tools: oledump.py

Sample: f0deca3a062a057b45bd075aef290b9bd88180c4f72743c29907dc3b934121d8

ISC diary entry: Maldoc: non-ASCII VBA Identifiers

Comment

July 24, 2022 Didier Stevens

Decoding Obfuscated BASE64 Statistically

Sample: 402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf

Tools: strings.py, base64dump.py, re-search.py, byte-stats.py

ISC Diary Entry: Decoding Obfuscated BASE64 Statistically

Comment

June 18, 2022 Didier Stevens

Method For String Extraction Filtering

Tools: zipdump.py, strings.py and myjson-filter.py.

ISC diary entry: Method For String Extraction Filtering

Comment

April 10, 2022April 10, 2022 Didier Stevens

curl, json & jo

ISC diary entries: curl 7.82.0 Adds –json Option, jo

Comment

April 10, 2022 Didier Stevens

Maldoc Cleaned by Anti-Virus

Tools: oledump.py, OLETemplate.bt, 010 Editor

ISC Diary Entry: Maldoc Cleaned by Anti-Virus

Sample: 0f609e43fa76afd4e2e916acb2ab54cc8fce64750ec372f716b42f34db3da0ce

Comment

March 27, 2022 Didier Stevens

Quick & Dirty Shellcode Analysis – CVE-2017-11882

Tools: oledump.py, xorsearch, scdbg

ISC Diary Entry: A Good Old Equation Editor Vulnerability Delivering Malware

Sample: c82724520ee5ffbcc6ee13c76d004aa903c2f70c93c505df87fe46e5e8cc53a9

Comment

March 9, 2022 Didier Stevens

MSBuild & Cobalt Strike

Tools: base64dump.py, translate.py, 1768.py, pecheck.py

ISC Diary Entry: Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons

Comment

March 9, 2022 Didier Stevens

YARA’s Console Module

Tools: YARA release candidate 1 for version 4.2.0

ISC Diary Entry: YARA’s Console Module

Comment

March 9, 2022March 9, 2022 Didier Stevens

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

Comment

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

Comment

November 23, 2021 Didier Stevens

Posts navigation

← Older posts

Newer posts →

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Subscribe Subscribed
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website