Announcement Archives | Forensic Blogs

May 31, 2020 by Didier Stevens

Overview of Content Published in May

Here is an overview of content I published in May:

Blog posts:

Quickpost: Empty ZIP File Quickpost: Go: Building For Multiple Operating Systems Update: XORSelection.1sc Version 5.0 Quickpost: curl And SSPI Proxy Authentication Update: oledump.py Version 0.0.50 AdHoc GitHub Repository New Tool: simple_ip_stats.py

YouTube videos:

EICAR File, Memorized ZIP(EICAR File), Memorized Maldoc Analysis With xlm-deobfuscator

Videoblog posts:

EICAR File, Memorized ZIP(EICAR File), Memorized

SANS ISC Diary entries:

ZIP & AES Sysmon and File Deletion YARA v4.0.0: BASE64 Strings Excel 4 Macro Analysis: XLMMacroDeobfuscator Antivirus & Multiple Detections Some Strings to Remember Wireshark 3.2.4 Released Zloader Maldoc Analysis With xlm-deobfuscator YARA v4.0.1

May 24, 2020 by Didier Stevens

AdHoc GitHub Repository

Next to GitHub repositories DidierStevensSuite and Beta to share my tools, I have now repository AdHoc.

AdHoc is a repository for adhoc scripts: scripts that serve a very specific purpose, and that will most likely not be maintained, maybe just a few cycles.

For example, it contains script excel_brute_force_formula_fill.py, a script that I wrote to try to decode the current Zloader Excel 4 macro maldocs.

May 3, 2020 by Didier Stevens

Overview of Content Published in April

Here is an overview of content I published in April:

Blog posts:

April 1st 2020: FlashPix File With VBA Code Video: GNU Radio Companion: Acoustic Beats Update XORSearch Version 1.11.3 Update: zipdump.py Version 0.0.17 Update: zipdump.py Version 0.0.18 Analyzing Malformed ZIP Files Update: xmldump.py Version 0.0.6 Update: hex-to-bin.py Version 0.0.5 Update: python-per-line.py Version 0.0.7 Handling Diacritics Quickpost: My SpiderMonkey’s Cheat Sheet NVISO Innovation Coin Update: zipdump.py Version 0.0.19

YouTube videos:

YARA: Ad Hoc Rules GNU Radio Companion: Acoustic Beat GNU Radio Companion: Simple Filters GNU Radio Companion: .WAV File zipdump.py: Malformed .docm File

Videoblog posts:

GNU Radio Companion: Acoustic Beats YARA: Ad Hoc Rules GNU Radio Companion: Simple Filters GNU Radio Companion: .WAV File zipdump.py: Malformed .docm File

SANS ISC Diary entries:

New Bypass Technique or Corrupt Word Document? Password Protected Malicious Excel Files Wireshark 3.2.3 Released: Mac Users Pay Attention Please Reader Analysis: “Dynamic analysis technique to get decrypted KPOT Malware.” KPOT Analysis: Obtaining the Decrypted KPOT EXE KPOT AutoIt Script: Analysis MALWARE Bazaar Video: Malformed .docm File

NVISO blog posts:

Video: Attack Surface Reduction (ASR) Bypass using VBA