Here is an overview of content I published in June:

Blog posts:

add-admin: Tiny EXE To Add Administrative Account Update: translate.py Version 2.5.8 FalsePositive GitHub Repository VBA Purging

YouTube videos:

YARA’s BASE64 Strings

Videoblog posts:

Maldoc Analysis With xlm-deobfuscator SANS@MIC – Maldocs: a bit of blue, a bit of red

SANS ISC Diary entries:

XLMMacroDeobfuscator: An Update Translating BASE64 Obfuscated Scripts YARA’s BASE64 Strings ISC Handler Series: SANS@MIC – Maldocs: a bit of blue, a bit of red Comparing Office Documents with WinMerge Video: YARA’s BASE64 Strings Sysmon and Alternate Data Streams

NVISO blog posts:

Tampering with Digitally Signed VBA Projects

As I’m fed up with Google’s false positives on some of my tools on DidierStevens.com, I’m moving them to a new GitHub repository: FalsePositives.

FYI, here is their User Agent String:

Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) AppEngine-Google; (+http://code.google.com/appengine; appid: s~virustotalcloud)

Here is an overview of content I published in May:

Blog posts:

Quickpost: Empty ZIP File Quickpost: Go: Building For Multiple Operating Systems Update: XORSelection.1sc Version 5.0 Quickpost: curl And SSPI Proxy Authentication Update: oledump.py Version 0.0.50 AdHoc GitHub Repository New Tool: simple_ip_stats.py

YouTube videos:

EICAR File, Memorized ZIP(EICAR File), Memorized Maldoc Analysis With xlm-deobfuscator

Videoblog posts:

EICAR File, Memorized ZIP(EICAR File), Memorized

SANS ISC Diary entries:

ZIP & AES Sysmon and File Deletion YARA v4.0.0: BASE64 Strings Excel 4 Macro Analysis: XLMMacroDeobfuscator Antivirus & Multiple Detections Some Strings to Remember Wireshark 3.2.4 Released Zloader Maldoc Analysis With xlm-deobfuscator YARA v4.0.1