Didier Stevens Videos

malware

oledump and YARA DDE Rules

Tools: oledump.py, YARA.

NVISO blog post: Detecting DDE in MS Office documents

ISC diary entry: DDE and oledump

February 21, 2021 Didier Stevens

tshark & Malware Analysis

Tools: Wireshark, base64dump.py, 1768.py.

ISC diary entry: Video: tshark & Malware Analysis

February 15, 2021 Didier Stevens

Decoding a Payload Using a Dynamic XOR Key

Tool: XORSelection.1sc

Sample: 8f4654952833b7d7b7db02ca7cb6c2f6cb9c3c545dc51124b0f18588b3c4e1c0

Blog post: Update: XORSelection.1sc Version 6.0

If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.

January 27, 2021 (updated January 28, 2021) Didier Stevens

Doc & RTF Malicious Document

Tools: strings.py, oledump.py, zipdump.py, re-search.py, rtfdump.py, and the shellcode emulator scdbg.

Samples: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b, 5c3d12b29a1bb9fb775bb6d862a32ae8e89af943b6337c71fe2268dee70055e9

ISC diary entry: Doc & RTF Malicious Document

January 26, 2021 Didier Stevens

CyberChef: Analyzing OOXML Files for URLs

Tools: CyberChef

CyberChef Recipe: here

Sample: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b

ISC diary entry: Doc & RTF Malicious Document

January 22, 2021 Didier Stevens

Maldoc Analysis With CyberChef

Tools: CyberChef

Sample: 969ff75448ea54feccc0d5f652e00172af8e1848352e9a5877d705fc97fa0238

ISC diary entry: Maldoc Analysis With CyberChef

January 10, 2021 Didier Stevens

Analyzing FireEye Maldocs

Tools: oledump.py, numbers-to-string.py

Sample: 41b70737fa8dda75d5e95c82699c2e9b

ISC diary entry: Analyzing FireEye Maldocs

December 20, 2020 Didier Stevens

Decrypting With translate.py

Tools: base64dump.py, translate.py

Blog post: Decrypting With translate.py

ISC diary entry: Decrypting PowerShell Payloads (video)

Example script: https://pastebin.com/QUGiWTHj

November 30, 2020 Didier Stevens

Cracking Maldoc VBA Project Passwords

Tools: oledump.py

Blog post: Cracking VBA Project Passwords

ISC Diary Entry: Cracking Maldoc VBA Project Passwords

July 24, 2020 (updated July 31, 2020) Didier Stevens

YARA’s BASE64 Strings

ISC Diary Entry: YARA’s BASE64 Strings

July 2, 2020 (updated July 1, 2020) Didier Stevens
