Tools: 1768.py, cs-decrypt-metadata.py
Blog posts: Update: 1768.py Version 0.0.9, Update: cs-decrypt-metadata.py Version 0.0.2
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
Phishing ZIP With Malformed Filename
Tool: zipdump.py
ISC diary entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename
Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key
Network capture: 2021-02-02 – QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT
Tools: cs-decrypt-metadata.py, cs-parse-http-traffic.py, 1768.py
Blog posts: Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1, Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2, Decrypting Cobalt Strike Traffic With a “Leaked” Private Key
CVE-2021-40444 Maldocs: Extracting URLs
Strings Analysis: VBA & Excel4 Maldoc
Tools: CyberChef
Sample: 2013496fe5524988c28357245d684cdca787b47c0b3b16cae20b3222977d769b
ISC Diary Entry: Strings Analysis: VBA & Excel4 Maldoc
Simple Analysis Of A CVE-2021-40444 .docx Document
My YouTube Playlists
I started to create YouTube playlists for my videos.
Didier Stevens Videos 