Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Grep & Tail -f With Notepad++
Analyzing Obfuscated VBS with CyberChef
An Obfuscated Beacon – Extra XOR Layer
VBA Maldoc & UTF7 (APT-C-35)
James Webb JPEG With Malware

Recent Comments

	Mike Michalko on James Webb JPEG With Malw…
	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA

Archives

Categories

howto
malware
my software
Networking
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

malware

Analyzing Obfuscated VBS with CyberChef

Tools: zipdump.py, CyberChef

ISC diary entry: “Analyzing Obfuscated VBS with CyberChef“

Sample: malwarebazaar

Comment

September 17, 2022 Didier Stevens

An Obfuscated Beacon – Extra XOR Layer

Tools: 1768.py, xor-kpa.py, pecheck.py, translate.py, strings.py

Diary entry: Analysis of an Encoded Cobalt Strike Beacon

Sample: e652ee076aded6b2c8b4e3e8ee83ed9423019d0a9aacbd38837d251191972bef

Comment

September 6, 2022 Didier Stevens

VBA Maldoc & UTF7 (APT-C-35)

Tools: oledump.py, re-search.py, hex-to-bin.py, translate.py, xorsearch, strings.py

Diary entries: “VBA Maldoc & UTF7 (APT-C-35)“, “Update: VBA Maldoc & UTF7 (APT-C-35)“

Sample: 394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc, MalwareBazaar

Comment

September 4, 2022September 9, 2022 Didier Stevens

James Webb JPEG With Malware

Tools: jpegdump.py, base64dump.py, pecheck.py, headtail.py

ISC diary entry: James Webb JPEG With Malware

Sample: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22, MalwareBazaar

1 Comment

September 3, 2022 Didier Stevens

1768.py’s Sanity Check

Tools: 1768.py

Comment

August 28, 2022 Didier Stevens

Maldoc: non-ASCII VBA Identifiers

Tools: oledump.py

Sample: f0deca3a062a057b45bd075aef290b9bd88180c4f72743c29907dc3b934121d8

ISC diary entry: Maldoc: non-ASCII VBA Identifiers

Comment

July 24, 2022 Didier Stevens

Decoding Obfuscated BASE64 Statistically

Sample: 402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf

Tools: strings.py, base64dump.py, re-search.py, byte-stats.py

ISC Diary Entry: Decoding Obfuscated BASE64 Statistically

Comment

June 18, 2022 Didier Stevens

RTF & ms-msdt & Preview Pane

Tools: rtfdump.py, oledump.py, olemake.py (private tool, not available for download)

Comment

June 18, 2022 Didier Stevens

Maldoc .DOCX MSDT Inside Sandbox

This was a quick recording without microphone.

Comment

June 18, 2022 Didier Stevens

Office Protects You From Malicious ISO Files

Tool: zoneidentifier.exe

ISC Diary Entry: Office Protects You From Malicious ISO Files

Comment

April 17, 2022 Didier Stevens

Posts navigation

← Older posts

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Follow Following
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website