Forensic Blogs

An aggregator for digital forensics blogs

by

Overview of Content Published in December

Here is an overview of content I published in December:

Blog posts:

Quickpost: Developing for ESP32 with the Arduino IDE Update: oledump.py Version 0.0.39 Release: strings.py Update: rtfdump.py Version 0.0.9 Update: numbers-to-string.py Version 0.0.6 Update:oledump.py Version 0.0.40 Update: XORSearch Version 1.11.2 Update: numbers-to-string.py Version 0.0.7 New Tool: SimpleEncoder Update: format-bytes.py Version 0.0.7 New Tool: msoffcrypto-crack.py

YouTube videos:

De-DOSfuscation Example

Videoblog posts:

When DOSfuscation Helps… oledump: plugin_ppt CyberChef: BASE64/XOR Recipe Dissecting a CVE-2017-11882 Exploit De-DOSfuscation Example

SANS ISC Diary entries:

Word maldoc: yet another place to hide a command Reader Malware Submission: MHT File Inside a ZIP File Quickie: String Analysis is Still Useful Yet Another DOSfuscation Sample De-DOSfuscation Example Password Protected ZIP with Maldoc KringleCon 2018 Bitcoin “Blacklists” Matryoshka Phish Video: De-DOSfuscation Example Software Crashes: A New Year’s Resolution

by

Overview of Content Published in November

Here is an overview of content I published in November:

Blog posts:

Quickpost: Using pcapy with Npcap on Windows Update: hash.py Version 0.0.6 Update: cut-bytes.py Version 0.0.8 Video: Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt Quickpost: Compiling 32-bit Static ELF Files on Kali Quickpost: Compiling with Build Tools for Visual Studio 2017

YouTube videos:

oledump: plugin_ppt CyberChef: BASE64/XOR Recipe Dissecting a CVE-2017-11822 Exploit

SANS ISC Diary entries:

Windows Defender’s Sandbox TriJklcj2HIUCheDES decryption failed? Dissecting a CVE-2017-11882 Exploit Video: CyberChef: BASE64/XOR Recipe Wireshark update 2.6.5 available Video: Dissecting a CVE-2017-18822 Exploit (correction: CVE-2017-11822)

by

Overview of Content Published in October

Here is an overview of content I published in October:

Blog posts:

KEIHash: Fingerprinting SSH Release: Python Tool Templates New tool: decompress_rtf.py Update: pdf-parser.py Version 0.6.9 Update: oledump.py Version 0.0.38 Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt Update: file-magic.py Version 0.0.3 Update: file-magic.py Version 0.0.4 Update: format-bytes.py Version 0.0.6

SANS ISC Diary entries:

Decoding Custom Substitution Encodings with translate.py Developing YARA Rules: a Practical Example YARA: XOR Strings YARA XOR Strings: Some Remarks Maldoc: Once More It’s XOR CyberChef: BASE64/XOR Recipe MSG Files: Compressed RTF Detecting Compressed RTF Maldoc Duplicating PowerShell Prior to Use