Didier Stevens Videos

Search for:

Home
About
count.py

Didier Stevens Videos RSS

RSS - Posts

Search for:

my software

Lua CSV Wireshark Dissector

Tools: csv_dissector_V0_0_2.zip.

Blog post: Lua CSV Wireshark Dissector

Comment

April 20, 2021 Didier Stevens

Decoding Cobalt Strike Traffic

Tools: parse-cs-http-traffic.py, 1768.py, pecheck.py and pybeacon.

ISC diary entry: Decoding Cobalt Strike Traffic

Comment

April 18, 2021April 18, 2021 Didier Stevens

Finding Metasploit & Cobalt Strike URLs

Tools: metatool.py.

ISC diary entry: Finding Metasploit & Cobalt Strike URLs

Comment

March 21, 2021 Didier Stevens

oledump and YARA DDE Rules

Tools: oledump.py, YARA.

NVISO blog post: Detecting DDE in MS Office documents

ISC diary entry: DDE and oledump

Comment

February 21, 2021 Didier Stevens

tshark & Malware Analysis

Tools: Wireshark, base64dump.py, 1768.py.

ISC diary entry: Video: tshark & Malware Analysis

Comment

February 15, 2021 Didier Stevens

pdftool.py: Incremental Updates

Tool: pdftool.py

Blog posts: Solving a Little PDF Puzzle, Shoulder Surfing a Malicious PDF Author, New Tool: pdftool.py.

Comment

January 30, 2021January 31, 2021 Didier Stevens

Decoding a Payload Using a Dynamic XOR Key

Tool: XORSelection.1sc

Sample: 8f4654952833b7d7b7db02ca7cb6c2f6cb9c3c545dc51124b0f18588b3c4e1c0

Blog post: Update: XORSelection.1sc Version 6.0

If you want to skip the part explaining my script XORSelection, you can jump directly to the dynamic XOR-key explanation.

Comment

January 27, 2021January 28, 2021 Didier Stevens

Doc & RTF Malicious Document

Tools: strings.py, oledump.py, zipdump.py, re-search.py, rtfdump.py and shellcode emulator scdbg.

Samples: f84b3a056abcbcfd5976afe8776a35c5894b379e65c411ddc421941d3a2a4b8b, 5c3d12b29a1bb9fb775bb6d862a32ae8e89af943b6337c71fe2268dee70055e9

ISC diary entry: Doc & RTF Malicious Document

Comment

January 26, 2021 Didier Stevens

Inspecting Process Explorer Traffic With Fiddler

Tools: Fiddler, Process Explorer

ISC diary entry: Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working

Comment

December 21, 2020 Didier Stevens

Analyzing FireEye Maldocs

Tools: oledump.py, numbers-to-string.py

Sample: 41b70737fa8dda75d5e95c82699c2e9b

ISC diary entry: Analyzing FireEye Maldocs

Comment

December 20, 2020 Didier Stevens

Posts navigation

← Older posts

Newer posts →

Blog at WordPress.com.

Didier Stevens Videos

Blog at WordPress.com.

Subscribe Subscribed
- Didier Stevens Videos
- Already have a WordPress.com account? Log in now.

	Mike Michalko on James Webb JPEG With Malw…
	isodump.py \| Didier… on The Security Toolsmith (NVISO…
	Overview of Content… on Maldoc Analysis With Cybe…
	ZIP(EICAR File), Mem… on EICAR File, Memorized
	Overview of Content… on AutoCAD & VBA