Didier Stevens, Author at Forensic Blogs

September 10, 2020 by Didier Stevens

Quickpost: dig On Windows

I found out there’s a dig command for Windows.

I group small tools like this inside a bin folder. But dig relies on a set of DLLs, that should also be in the PATH, so I put them in the same bin folder.

These are the DLLs dig.exe needs:

libbind9.dll libcrypto-1_1-x64.dll libdns.dll libirs.dll libisc.dll libisccfg.dll libuv.dll libxml2.dll

I used procmon on my Win10 machine to figure out which DLLs are needed, as you get no error message (there’s probably a registry setting for that).

I do have a Windows 7 VM, that I can also use to figure out which DLLs are missing because it displays an error message:

And you might also need to install the Visual C redistribuable that is included with the downloaded ZIP:

And now I can run dig from my bin folder:

Quickpost info

September 9, 2020 by Didier Stevens

Quickpost: Downloading Files With Windows Defender & User Agent String

@mohammadaskar2 found out you can use Windows Defender to download arbitrary files. Like this:

"c:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\mpcmdrun.exe" -DownloadFile -url http://didierstevens.com/index.html -path test.html

This command uses MpCommunication as User Agent String:

Quickpost info

September 6, 2020 by Didier Stevens

Overview of Content Published in August

Here is an overview of content I published in August:

Blog posts:

Videos: Defective USB Cable Update: numbers-to-string.py Version 0.0.10 New Tool: XORSearch.py Update: oledump.py 0.0.53

SANS ISC Diary entries:

Small Challenge: A Simple Word Maldoc Small Challenge: A Simple Word Maldoc – Part 2 Wireshark 3.2.6 Released Small Challenge: A Simple Word Maldoc – Part 3 Small Challenge: A Simple Word Maldoc – Part 4 Malicious Excel Sheet with a NULL VT Score: More Info Finding The Original Maldoc