Here is an overview of content I published in June: Blog posts: add-admin: Tiny EXE To Add Administrative Account Update: translate.py Version 2.5.8 FalsePositive GitHub Repository VBA Purging YouTube videos: YARA’s BASE64 Strings Videoblog … [Continue Reading]
VBA Purging
VBA code contained in Module Streams is made up of compiled code (PerformanceCache) and source code (CompressedSourceCode). VBA stomping consist in altering or suppressing CompressedSourceCode and leaving the PerformanceCache unchanged: As you can … [Continue Reading]
FalsePositive GitHub Repository
As I’m fed up with Google’s false positives on some of my tools on DidierStevens.com, I’m moving them to a new GitHub repository: FalsePositives. FYI, here is their User Agent String: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) … [Continue Reading]