Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

The Security Toolsmith (NVISO Brown Bag 2021)
Lua CSV Wireshark Dissector
Decoding Cobalt Strike Traffic
YARA and CyberChef: ZIP
YARA and CyberChef

Recent Comments

	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA
	Overview of Content… on Analyzing .DWG Files With Embe…

Archives

Categories

howto
malware
my software
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

malware

Decoding Cobalt Strike Traffic

Tools: parse-cs-http-traffic.py, 1768.py, pecheck.py and pybeacon.

ISC diary entry: Decoding Cobalt Strike Traffic

Comment

April 18, 2021April 18, 2021 Didier Stevens

Finding Metasploit & Cobalt Strike URLs

Tools: metatool.py.

ISC diary entry: Finding Metasploit & Cobalt Strike URLs

Comment

March 21, 2021 Didier Stevens

oledump and YARA DDE Rules

Tools: oledump.py, YARA.

NVISO blog post: Detecting DDE in MS Office documents

ISC diary entry: DDE and oledump

Comment

February 21, 2021 Didier Stevens

tshark & Malware Analysis

Tools: Wireshark, base64dump.py, 1768.py.

ISC diary entry: Video: tshark & Malware Analysis

Comment

February 15, 2021 Didier Stevens

Decoding a Payload Using a Dynamic XOR Key

Tool: XORSelection.1sc

Sample: 8f4654952833b7d7b7db02ca7cb6c2f6cb9c3c545dc51124b0f18588b3c4e1c0

Blog post: Update: XORSelection.1sc Version 6.0

If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.

Comment

January 27, 2021January 28, 2021 Didier Stevens

Doc & RTF Malicious Document

Tools: strings.py, oledump.py, zipdump.py, re-search.py, rtfdump.py and shellcode emulator scdbg.

Samples: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b, 5c3d12b29a1bb9fb775bb6d862a32ae8e89af943b6337c71fe2268dee70055e9

ISC diary entry: Doc & RTF Malicious Document

Comment

January 26, 2021 Didier Stevens

CyberChef: Analyzing OOXML Files for URLs

Tools: CyberChef

CyberChef Recipe: here

Sample: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b

ISC diary entry: Doc & RTF Malicious Document

Comment

January 22, 2021January 22, 2021 Didier Stevens

Maldoc Analysis With CyberChef

Tools: CyberChef

Sample: 969ff75448ea54feccc0d5f652e00172af8e1848352e9a5877d705fc97fa0238

ISC diary entry: Maldoc Analysis With CyberChef

1 Comment

January 10, 2021 Didier Stevens

Analyzing FireEye Maldocs

Tools: oledump.py, numbers-to-string.py

Sample: 41b70737fa8dda75d5e95c82699c2e9b

ISC diary entry: Analyzing FireEye Maldocs

Comment

December 20, 2020 Didier Stevens

Decrypting With translate.py

Tools: base64dump.py, translate.py

Blog post: Decrypting With translate.py

ISC diary entry: Decrypting PowerShell Payloads (video)

Example script: https://pastebin.com/QUGiWTHj

Comment

November 30, 2020 Didier Stevens

Posts navigation

← Older posts

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Email (Required)

Name (Required)

Website

Loading Comments...

Comment

×