Forensic Blogs

An aggregator for digital forensics blogs

by

Overview of Content Published in April

Here is an overview of content I published in April:

Blog posts:

list-interfaces.xlsm Quickpost: Browsers & Content-Disposition Extracting “Stack Strings” from Shellcode Update: translate.py Version 2.5.6 Update: python-per-line.py Version 0.0.6 Update: format-bytes.py Version 0.0.8 Update: jpegdump.py Version 0.0.7

YouTube videos:

Analysis of PDFs Created with OpenOffice/LibreOffice

Videoblog posts:

Maldoc Analysis: Excel 4.0 Macro

SANS ISC Diary entries:

Maldoc Analysis of the Weekend by a Reader Analysis of PDFs Created with OpenOffice/LibreOffice Analyzing UDF Files with Python .rar Files and ACE Exploit CVE-2018-20250 Malicious VBA Office Document Without Source Code Quick Tip for Dissecting CVE-2017-11882 Exploits

by

Overview of Content Published in March

Here is an overview of content I published in March:

Blog posts:

Update: pdf-parser.py Version 0.7.1 Analyzing a Phishing PDF with /ObjStm Update: re-search.py Version 0.0.13 Update: oledump.py Version 0.0.42 Maldoc: Excel 4.0 Macro Quickpost: PDF Tools Download Feature Update: pecheck.py Version 0.7.6

YouTube videos:

Analyzing a Phishing PDF with /ObjStm Maldoc: Excel 4.0 Macro Maldoc Analysis: Excel 4.0 Macro

Videoblog posts:

Analyzing a Phishing PDF with /ObjStm Maldoc: Excel 4.0 Macro Maldoc Analysis: Excel 4.0 Macro

SANS ISC Diary entries:

Quick and Dirty Malicious HTA Analysis Wireshark 3.0.0 and Npcap Tip: Ghidra & ZIP Files Maldoc: Excel 4.0 Macros Video: Maldoc Analysis: Excel 4.0 Macro Wireshark 3.0.0 and Npcap: Some Remarks “VelvetSweatshop” Maldocs Decoding QR Codes with Python “VelvetSweatshop” Maldocs: Shellcode Analysis “404” is not Malware

by

Title: Overview of Content Published in February

Here is an overview of content I published in February:

Blog posts:

Update: cut-bytes.py Version 0.0.9 Update: oledump.py Version 0.0.41 Update: translate.py Version 2.5.5 Update: pdf-parser.py Version 0.7.0

YouTube videos:

Analyzing a Simple HTML Phishing Attachment Maldoc Analysis of the Weekend Finding Property Values in Office Documents PDF: Stream Objects (/ObjStm)

Videoblog posts:

Analyzing a Simple HTML Phishing Attachment Maldoc Analysis of the Weekend Finding Property Values in Office Documents PDF: Stream Objects (/ObjStm)

SANS ISC Diary entries:

Video: Analyzing a Simple HTML Phishing Attachment Maldoc Analysis of the Weekend Video: Maldoc Analysis of the Weekend Have You Seen an Email Virus Recently? Finding Property Values in Office Documents Video: Finding Property Values in Office Documents Know What You Are Logging Identifying Files: Failure Happens Sextortion Email Variant: With QR Code Maldoc Analysis by a Reader