Blog post: Quickpost: Using My Bash Bunny To “Snag Creds From A Locked Machine”
oledump & YARA
Tools: oledump.py.
Maldoc Deobfuscation: Plugin sub-str
cut-bytes.py & Here Documents
Tools: cut-bytes.py.
Maldoc Deobfuscation: Character Removal
ISC Diary entry: Another example of maldoc string obfuscation, with extra bonus: UAC bypass
Tools: oledump.py, re-search.py and sets.py.
Sample: 7dff363557f711a92216da9e9af3bb1f
sets.py
Blog post: New Tool: sets.py
Sleeping VBS Really Wants To Sleep
ISC Diary entry: Sleeping VBS Really Wants To Sleep
Tools: oledump.py
Sample: 7EAB96D2BC04CA155DE035815B88EE00
