Uncategorized Archives | Forensic Blogs

November 10, 2022 by Didier Stevens

Update: oledump.py Version 0.0.71

A new plugin and an updated plugin.

Plugin plugin_dttm is a plugin for Word documents: it searches for Dop structures. They contain DTTM timestamps.

And plugin plugin_metadata has been updated to parse digital signatures (option -s).

oledump_V0_0_71.zip (http)
MD5: BA1142136F28DB218BADEAA642EA0EA9
SHA256: FA09766D138A1AA60523B487D947BF29222D409CF1FCE078DE61BF62768A5950

October 31, 2022 by Didier Stevens

Overview of Content Published in October

Here is an overview of content I published in October:

Blog posts: Quickpost: Standby Power Consumption Of An Old Linear Power Supply Update: base64dump.py Version 0.0.24 Update: rtfdump.py Version 0.0.12 Quickpost: Testing A Lemon Battery Update: byte-stats.py Version 0.0.9 The Making Of: qa-squeaky-toys.docm Quickpost: BruCON Travel Charger YouTube videos: Analysis of a Malicious HTML File (QBot) PNG Analysis PNG + mimikatz.exe Videoblog posts: Analysis of a Malicious HTML File (QBot) PNG Analysis PNG + mimikatz.exe SANS ISC Diary entries: Sysmon v14.1 Release Wireshark 4.0.0 Released Curl’s resolve Option Wireshark: Specifying a Protocol Stack Layer in Display Filters Analysis of a Malicious HTML File (QBot) Video: Analysis of a Malicious HTML File (QBot) rtfdump’s Find Option Video: PNG Analysis Quickie: CyberChef & Microsoft Script Decoding Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11

July 19, 2022 by Didier Stevens

Update: sortcanon Version 0.0.2

This new version adds a sort function to sort email addresses by domain first.

sortcanon_V0_0_2.zip (http)
MD5: ED6DBE384707778E765C9BD6B6880C05
SHA256: 190922F347AC1B32D0CE503D1763F27A250D9BFDD15CB911EA4435BAB7E69CD3