An aggregator for digital forensics blogs
I’m releasing the templates for Python tools I shared and used during my BruCON and Hack.lu 2018 workshops.
There’s a template for text files and one for binary files.
python-templates_V0_0_1.zip (https)
MD5: 99E9D87681470F1BAE020B68F2853F49
SHA256: 2CA24AD6928FA2FE2DE894FEFBD1B41238B723D46ADED4064D26374A805BA1C4
Here is an overview of content I published in September:
Blog posts:
Firmware Upgrade: WiFi Pineapple NANO WiFi Pineapple NANO: Persistent Recon DB Quickpost: Compiling EXEs and Resources with MinGW on Kali Update: pecheck.py Version 0.7.4 Quickpost: Signing Windows Executables on KaliYouTube videos:
Using scdbg to analyze shellcode When DOSfuscation Helps…Videoblog posts:
Maldoc with DOSfuscation: example 2 Using scdbg to analyze shellcodeSANS ISC Diary entries:
Another quickie: Using scdbg to analyze shellcode Video: Using scdbg to analyze shellcode “What is dikona or glirote3?” User Agent String “$ua.tools.random()” ?
!
20/20 malware vision
Suspicious DNS Requests … Issued by a Firewall
Analyzing Encoded Shellcode with scdbg
When DOSfuscation Helps…
Here is an overview of content I published in August:
Blog posts:
Update: PDFiD.py Version 0.2.5 Update: oledump.py Version 0.0.37 Update: format-bytes Version 0.0.5 Quickpost: Revisiting JA3 Obtaining Malware Samples for Analysis Update: numbers-to-string.py Version 0.0.5 Quickpost: Compiling DLLs with MinGW on WindowsYouTube videos:
Dealing With Numeric Obfuscation Maldoc Analysis & Linux Tools Maldoc with DOSfuscation: example 2 oledump: plugin_msgVideoblog posts:
Dealing With Numeric Obfuscation DotNetToJScript Analysis Maldoc Analysis & Linux Tools Maldoc with DOSfuscation oledump: plugin_msgSANS ISC Diary entries:
Dealing with numeric obfuscation in malicious scripts Video: Maldoc analysis with standard Linux tools Numeric obfuscation: another example Peeking into msg files – revisited A URL shortener handy for phishers New Extortion Tricks: Now Including Your (Partial) Phone Number! Video: Peeking into msg files – revisited OpenSSH user enumeration (CVE-2018-15473) Microsoft Publisher malware: static analysis Identifying numeric obfuscation “When was this machine infected?”NVISO blog:
PowerShell Inside a Certificate? – Part 2 PowerShell Inside a Certificate? – Part 3 Compiling Our Python Decompiler OpenSSH User Enumeration Vulnerability: a Close Look Differential Malware Analysis: An Example