Tools: 1768.py, cs-decrypt-metadata.py
Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2
howto
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key
Network capture: 2021-02-02 – QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT
Tools: cs-decrypt-metadata.py, cs-parse-http-traffic.py, 1768.py
Blog posts: Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1, Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2, Decrypting Cobalt Strike Traffic With a “Leaked” Private Key
CVE-2021-40444 Maldocs: Extracting URLs
Strings Analysis: VBA & Excel4 Maldoc
Tools: CyberChef
Sample: 2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b
ISC Diary Entry: Strings Analysis: VBA & Excel4 Maldoc
Simple Analysis Of A CVE-2021-40444 .docx Document
CyberChef: BASE85 Decoding
ssdeep Python Example Based On My Templates
In this video, I show how to create your own tool based on my Python Templates.
The tool I created is ssdeep.py, essentially a wrapper for the ppdeep Python module.
ssdeep.py allows you to create fuzzy hashes, and compare them.
ssdeep_V0_0_1.zip (https)MD5: 32FD610D858E91BC009845E105ED87C3
SHA256: 02EA18EF0139B54D8A06AA0D3E7E2B0E2934E3675C453759E3DA3CC4F936F0A2
Cobalt Strike & DNS – Part 1
Tools: cs-dns-stager.py, base64dump.py and 1768.py
Capture file: https://www.malware-traffic-analysis.net/2021/05/21/index2.html
ISC diary entry: Video: Cobalt Strike & DNS – Part 1
The Security Toolsmith (NVISO Brown Bag 2021)
At NVISO, we do webinars over lunchtime. We call them “brown bags”.
In this brown bag, I talk about the development of my free, open source tools. As an example, I explain how to make your own tool to analyze ISO files using my templates.
Didier Stevens Videos 