Didier Stevens Videos

my software

Office Protects You From Malicious ISO Files

Tool: zoneidentifier.exe

ISC Diary Entry: Office Protects You From Malicious ISO Files

April 17, 2022 Didier Stevens

Method For String Extraction Filtering

Tools: zipdump.py, strings.py and myjson-filter.py.

ISC diary entry: Method For String Extraction Filtering

April 10, 2022 Didier Stevens

Maldoc Cleaned by Anti-Virus

Tools: oledump.py, OLETemplate.bt, 010 Editor

ISC Diary Entry: Maldoc Cleaned by Anti-Virus

Sample: 0f609e43fa76afd4e2e916acb2ab54cc8fce64750ec372f716b42f34db3da0ce

March 27, 2022 Didier Stevens

Quick & Dirty Shellcode Analysis – CVE-2017-11882

Tools: oledump.py, xorsearch, scdbg

ISC Diary Entry: A Good Old Equation Editor Vulnerability Delivering Malware

Sample: c82724520ee5ffbcc6ee13c76d004aa903c2f70c93c505df87fe46e5e8cc53a9

March 9, 2022 Didier Stevens

MSBuild & Cobalt Strike

Tools: base64dump.py, translate.py, 1768.py, pecheck.py

ISC Diary Entry: Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons

March 9, 2022 Didier Stevens

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions

Tools: 1768.py, cs-decrypt-metadata.py

Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py

ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

November 7, 2021 Didier Stevens

Phishing ZIP With Malformed Filename

Tool: zipdump.py

ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename

October 31, 2021 Didier Stevens
