Skip to content

Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

Recent Posts

Office Protects You From Malicious ISO Files
Method For String Extraction Filtering
curl, json & jo
Maldoc Cleaned by Anti-Virus
TShark & Multiple IP Addresses

Recent Comments

	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA
	Overview of Content… on Analyzing .DWG Files With Embe…

Archives

Categories

howto
malware
my software
Networking
Science
technology
Uncategorized
video

Meta

Register
Log in
Entries feed
Comments feed
WordPress.com

my software

Office Protects You From Malicious ISO Files

Tool: zoneidentifier.exe

ISC Diary Entry: Office Protects You From Malicious ISO Files

Comment

April 17, 2022 Didier Stevens

Method For String Extraction Filtering

Tools: zipdump.py, strings.py and myjson-filter.py.

ISC diary entry: Method For String Extraction Filtering

Comment

April 10, 2022April 10, 2022 Didier Stevens

Maldoc Cleaned by Anti-Virus

Tools: oledump.py, OLETemplate.bt, 010 Editor

ISC Diary Entry: Maldoc Cleaned by Anti-Virus

Sample: 0f609e43fa76afd4e2e916acb2ab54cc8fce64750ec372f716b42f34db3da0ce

Comment

March 27, 2022 Didier Stevens

Quick & Dirty Shellcode Analysis – CVE-2017-11882

Tools: oledump.py, xorsearch, scdbg

ISC Diary Entry: A Good Old Equation Editor Vulnerability Delivering Malware

Sample: c82724520ee5ffbcc6ee13c76d004aa903c2f70c93c505df87fe46e5e8cc53a9

Comment

March 9, 2022 Didier Stevens

MSBuild & Cobalt Strike

Tools: base64dump.py, translate.py, 1768.py, pecheck.py

ISC Diary Entry: Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons

Comment

March 9, 2022 Didier Stevens

YARA Rules for Office Maldocs

Tools: oledump.py, zipdump.py

ISC diary entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives

Comment

November 27, 2021 Didier Stevens

Obfuscated Maldoc: Reversed BASE64

Sample: a9490d94cf547e27dcc0d52dc72e74e7

Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py

ISC Diary entry: Obfuscated Maldoc: Reversed BASE64

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions

Tools: 1768.py, cs-decrypt-metadata.py

Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2

Comment

November 23, 2021 Didier Stevens

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py

ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory

Comment

November 7, 2021 Didier Stevens

Phishing ZIP With Malformed Filename

Tool: zipdump.py

ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename

Comment

October 31, 2021 Didier Stevens

Posts navigation

← Older posts

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Follow Following
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website