Forensic Blogs

An aggregator for digital forensics blogs

by

Overview of Content Published in March

Here is an overview of content I published in March:

Blog posts:

Update: nsrl.py Version 0.0.3 Update pecheck.py Version 0.7.13 Update: 1768.py Version 0.0.5 Quickpost: “ProxyLogon PoC” Capture File FileZilla Uses PuTTY’s Registry Fingerprint Cache

YouTube videos:

Finding Metasploit & Cobalt Strike URLs

Videoblog posts:

Finding Metasploit & Cobalt Strike URLs

SANS ISC Diary entries:

PCAPs and Beacons YARA and CyberChef Wireshark 3.4.4 Released Finding Metasploit & Cobalt Strike URLs YARA Pre-release v4.1.0 Video: Finding Metasploit & Cobalt Strike URLs Nim Strings TCPView v4.0 Released

by

Overview of Content Published in February

Here is an overview of content I published in February:

Blog posts:

Update: oledump.py Version 0.0.59 Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets Update: re-search.py Version 0.0.16 re-search.py And Custom Validations Update: oledump.py Version 0.0.60

YouTube videos:

tshark & Malware Analysis oledump and YARA DDE Rules

Videoblog posts:

tshark & Malware Analysis oledump and YARA DDE Rules

SANS ISC Diary entries:

YARA v4.0.5 Quickie: tshark & Malware Analysis Video: tshark & Malware Analysis Quickie: Extracting HTTP URLs With tshark DDE and oledump Unprotecting Malicious Documents For Inspection Maldocs: Protection Passwords

by

Overview of Content Published in January

Here is an overview of content I published in January:

Blog posts:

Update: Python Templates Version 0.0.3 Update: oledump.py Version 0.0.58 Decrypting TLS Streams With Wireshark: Part 3 Update: count.py Version 0.3.0 Update: Python Templates Version 0.0.4 Video: Maldoc Analysis With CyberChef Update: re-search.py Version 0.0.14 Update: re-search.py Version 0.0.15 Update: strings.py Version 0.0.7 Update: XORSelection.1sc Version 6.0 New Tool: pdftool.py

YouTube videos:

December 2020: Jupiter & Saturn Maldoc Analysis With CyberChef My Encrypted Storage My Encrypted Storage: Read-Only CyberChef: Analyzing OOXML Files for URLs Doc & RTF Malicious Document Decoding a Payload Using a Dynamic XOR Key pdftool.py: Incremental Updates

Videoblog posts:

Maldoc Analysis With CyberChef My Encrypted Storage My Encrypted Storage: Read-Only CyberChef: Analyzing OOXML Files for URLs Doc & RTF Malicious Document Decoding a Payload Using a Dynamic XOR Key pdftool.py: Incremental Updates

SANS ISC Diary entries:

Strings 2021 Maldoc Strings Analysis Maldoc Analysis With CyberChef New Release of Sysmon Adding Detection for Process Tampering Doc & RTF Malicious Document CyberChef: Analyzing OOXML Files for URLs Video: Doc & RTF Malicious Document YARA v4.0.4 Wireshark 3.4.3 Released