Forensic Blogs

An aggregator for digital forensics blogs

December 4, 2022 by Didier Stevens

Extracting Certificates For Defender

A colleague asked me for help with extracting code signing certificates from malicious files, to add them to Defender’s block list.

The procedure involves right-clicking the EXE in Windows Explorer, selecting properties to view the digital signature, and so on …

But I don’t like procedures where one has to click on malware.

So I looked for a PowerShell command, and found this.

Get-AuthenticodeSignature .\malware.exe.vir | Select-Object -ExpandProperty SignerCertificate | Export-Certificate -Type CERT -FilePath SignerCertificate.cer
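The one-liner above covers a single sample. The function below is an added example (my code, not from Didier Stevens' post) that wraps the same Get-AuthenticodeSignature / Export-Certificate pipeline so it can be run over a whole quarantine folder: it skips unsigned files instead of failing, names each exported .cer after the certificate thumbprint so duplicates collapse, and returns the signer details you would want in a block-list ticket. The folder layout (`.\samples\*.vir`, `.\certs`) is assumed for illustration.

```powershell
# Added example, not from the original post: extract the Authenticode signer
# certificate from a malware sample without ever opening or launching it.
function Export-SignerCertificate {
    param(
        # Sample path; the .vir extension (assumed naming) keeps it from being
        # double-clicked into execution. Get-AuthenticodeSignature only parses
        # the PE, so the extension does not matter to it.
        [Parameter(Mandatory)] [string] $Path,
        [string] $OutDir = '.'
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # No embedded signature: nothing to export, report and move on.
    if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) {
        Write-Warning "$Path carries no Authenticode signature"
        return
    }

    # Status is deliberately NOT used as a filter: a revoked, expired or
    # untrusted signer is exactly the kind of certificate you want to block.
    $cert = $sig.SignerCertificate
    if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

    # Thumbprint (SHA-1 of the DER certificate) as file name: the same signer
    # seen in ten samples produces one .cer, not ten.
    $cerPath = Join-Path $OutDir ("{0}.cer" -f $cert.Thumbprint)
    Export-Certificate -Cert $cert -Type CERT -FilePath $cerPath | Out-Null

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Serial     = $cert.SerialNumber
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
        Exported   = $cerPath
    }
}

# Usage over a quarantine folder of renamed samples (assumed paths).
Get-ChildItem .\samples\*.vir |
    ForEach-Object { Export-SignerCertificate -Path $_.FullName -OutDir .\certs } |
    Format-Table -AutoSize
```

Two practical notes: keep the samples renamed (here to `.vir`) for the whole workflow, since nothing in this procedure needs the original extension; and record the serial number and issuer alongside the thumbprint, because a block on the thumbprint alone misses a re-issued certificate for the same fraudulent subject.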

Read the original at: Didier Stevens. Filed Under: Digital Forensics. Tagged With: Malware

September 10, 2022 by Didier Stevens

Maldoc Analysis Video – Rehearsed & Unrehearsed

When I record maldoc analysis videos, I have already analyzed the maldoc prior to recording, and I rehearse the recording.

This time, I also recorded the unrehearsed analysis: when I take the first look at a maldoc I’ve not seen before.

All in this video:

Read the original at: Didier Stevens. Filed Under: Digital Forensics. Tagged With: maldoc, Malware, My Software, video

June 22, 2022 by Didier Stevens

Examples Of Encoding Reversing

I recently created two blog posts with corresponding videos on the reversing of encodings.

The first one is on the ISC diary: “Decoding Obfuscated BASE64 Statistically”. The payload is encoded with a variation of BASE64, and I show how to analyze the encoded payload to figure out how to decode it.

And this is the video for this diary entry:

And on this blog, I have another example, more complex, where the encoding is a variation of hexadecimal encoding, with some obfuscation: “Another Exercise In Encoding Reversing”.

And here is the video:

Read the original at: Didier Stevens. Filed Under: Digital Forensics. Tagged With: forensics, Malware, Reverse Engineering


About

This site aggregates posts from various digital forensics blogs. Feel free to take a look around, and make sure to visit the original sites.


All content is copyright the respective author(s)