Tools: 1768.py, cs-extract-key.py, cs-parse-http-traffic.py
ISC diary entry: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
Tool: zipdump.py
ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename
Network capture: 2021-02-02 – QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT
Tools: cs-decrypt-metadata.py, cs-parse-http-traffic.py, 1768.py
Blog posts: Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1, Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2, Decrypting Cobalt Strike Traffic With a “Leaked” Private Key
Cheat sheet: oledump.py Quick Reference
Tool: oledump.py
ISC diary entry: Video: oledump Cheat Sheet
In this video, I show how to create your own tool based on my Python Templates.
The tool I created is ssdeep.py, essentially a wrapper for the ppdeep Python module.
ssdeep.py allows you to create fuzzy hashes, and compare them.
ssdeep_V0_0_1.zip (https)
Tools: cs-dns-stager.py, base64dump.py and 1768.py
Capture file: https://www.malware-traffic-analysis.net/2021/05/21/index2.html
ISC diary entry: Video: Cobalt Strike & DNS – Part 1
At NVISO, we do webinars over lunchtime. We call them “brown bags”.
In this brown bag, I talk about the development of my free, open source tools. As an example, I explain how to make your own tool to analyze ISO files using my templates.