An aggregator for digital forensics blogs
Next to GitHub repositories DidierStevensSuite and Beta to share my tools, I have now repository AdHoc.
AdHoc is a repository for adhoc scripts: scripts that serve a very specific purpose, and that will most likely not be maintained, maybe just a few cycles.
For example, it contains script excel_brute_force_formula_fill.py, a script that I wrote to try to decode the current Zloader Excel 4 macro maldocs.
This new version brings updates to plugin plugin_biff.py.
This plugin can now produce a CSV list of cell values and formulas (option -c) or a JSON file of values and formulas (option -j).
Cell references are in RC format (row-column), but can also be produced in letters-numbers format (LN, option -r LN).
CSV or JSON output can be piped into my ad-hoc decoding programs.
oledump_V0_0_50.zip (https)
MD5: 30EB6A0E0924E72350B268ADDE4E4EC7
SHA256: 870167AE5576B169EB52572788D04F1FFCEC5C8AFDEBCC59FE3B8B01CBDE6CD9
curl with SSPI feature supports integrated authentication to a proxy: you don’t need to provide credentials.
The command is the following:
curl –proxy proxyname:8080 –proxy-ntlm -U : https://www.didierstevens.com/index.html
This curl command uses a proxy (–proxy) and authenticates to the proxy (–proxy-ntlm) without providing explicit credentials (-U :).
curl will use an SSPI to perform integrated authentication to the proxy. This is explained on curl’s man page:
If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: “-U :”.
curl’s SSPI feature can also be used to authenticate to an internal IIS server.
Windows’ build-in curl version supports SSPI. You can use the version option to check if your version of curl supports SSPI:
Quickpost info