Skip to content

Didier Stevens Videos

  • Home
  • About
  • count.py

Didier Stevens Videos RSS

  • RSS - Posts

Recent Posts

  • oledump and YARA DDE Rules
  • tshark & Malware Analysis
  • pdftool.py: Incremental Updates
  • Decoding a Payload Using a Dynamic XOR Key
  • Doc & RTF Malicious Document

Recent Comments

Overview of Content… on Maldoc Analysis With Cybe…
ZIP(EICAR File), Mem… on EICAR File, Memorized
Overview of Content… on AutoCAD & VBA
Overview of Content… on Analyzing .DWG Files With Embe…
Overview of Content… on Encrypted Sextortion PDFs

Archives

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • September 2019
  • July 2019
  • May 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • December 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • December 2016
  • November 2016
  • October 2016
  • July 2016
  • May 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014

Categories

  • howto
  • malware
  • my software
  • Science
  • technology
  • Uncategorized
  • video

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.com

my software

oledump and YARA DDE Rules

Tools: oledump.py, YARA.

NVISO blog post: Detecting DDE in MS Office documents

ISC diary entry: DDE and oledump

Comment
February 21, 2021 Didier Stevens

tshark & Malware Analysis

Tools: Wireshark, base64dump.py, 1768.py.

ISC diary entry: Video: tshark & Malware Analysis

Comment
February 15, 2021 Didier Stevens

pdftool.py: Incremental Updates

Tool: pdftool.py

Blog posts: Solving a Little PDF Puzzle, Shoulder Surfing a Malicious PDF Author, New Tool: pdftool.py.

Comment
January 30, 2021January 31, 2021 Didier Stevens

Decoding a Payload Using a Dynamic XOR Key

Tool: XORSelection.1sc

Sample: 8f4654952833b7d7b7db02ca7cb6c2f6cb9c3c545dc51124b0f18588b3c4e1c0

Blog post: Update: XORSelection.1sc Version 6.0

If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.

Comment
January 27, 2021January 28, 2021 Didier Stevens

Doc & RTF Malicious Document

Tools: strings.py, oledump.py, zipdump.py, re-search.py, rtfdump.py and shellcode emulator scdbg.

Samples: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b, 5c3d12b29a1bb9fb775bb6d862a32ae8e89af943b6337c71fe2268dee70055e9

ISC diary entry: Doc & RTF Malicious Document

Comment
January 26, 2021 Didier Stevens

Inspecting Process Explorer Traffic With Fiddler

Tools: Fiddler, Process Explorer

ISC diary entry: Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working

Comment
December 21, 2020 Didier Stevens

Analyzing FireEye Maldocs

Tools: oledump.py, numbers-to-string.py

Sample: 41b70737fa8dda75d5e95c82699c2e9b

ISC diary entry: Analyzing FireEye Maldocs

 

Comment
December 20, 2020 Didier Stevens

oledump Indicators

Tools: oledump.py

Blog post: oledump Indicators

Comment
November 30, 2020November 30, 2020 Didier Stevens

Decrypting With translate.py

Tools: base64dump.py, translate.py

Blog post: Decrypting With translate.py

ISC diary entry: Decrypting PowerShell Payloads (video)

Example script: https://pastebin.com/QUGiWTHj

 

Comment
November 30, 2020 Didier Stevens

strings.py: Pascal Strings

Blog post: Update: oledump.py Version 0.0.54

ISC Diary Entry: Video: Pascal Strings

Comment
October 24, 2020October 25, 2020 Didier Stevens

Posts navigation

← Older posts
Blog at WordPress.com.
Didier Stevens Videos
Blog at WordPress.com.
Cancel

 
Loading Comments...
Comment
    ×