Quickpost: dig On Windows

I found out there’s a dig command for Windows. I group small tools like this inside a bin folder. But dig relies on a set of DLLs, that should also be in the PATH, so I put them in the same bin folder. These are the DLLs dig.exe needs: libbind9.dll libcrypto-1_1-x64.dll libdns.dll libirs.dll libisc.dll libisccfg.dll libuv.dll libxml2.dll...

2w

Quickpost: Downloading Files With Windows Defender & User Agent String

@mohammadaskar2 found out you can use Windows Defender to download arbitrary files. Like this: "c:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\mpcmdrun.exe" -DownloadFile -url http://didierstevens.com/index.html -path test.html This command uses MpCommunication as User Agent String: Update: this download feature has been disabled....

2w

Overview of Content Published in August

Here is an overview of content I published in August: Blog posts: Videos: Defective USB Cable Update: numbers-to-string.py Version 0.0.10 New Tool: XORSearch.py Update: oledump.py 0.0.53 SANS ISC Diary entries: Small Challenge: A Simple Word Maldoc Small Challenge: A Simple Word Maldoc – Part 2 Wireshark 3.2.6 Released Small Challenge:...

2w

Update: oledump.py 0.0.53

This new version of oledump.py has bug fixes, updates for -s and –raw -v options, plugins, and a bug fix for plugin_vbaproject. Streams can now be select (-s –select) by name too. Make sure to include the single quotes: oledump_V0_0_53.zip (https) MD5: C26EB56580D65B2E856169A3EFC9BC03 SHA256: A10D90284F10C6D7811E2573049FE0F8315F04129846898C88E0184423988CD9

4w

New Tool: XORSearch.py

XORSearch, written in C, is a tool of mine I started 10+ years ago. But more and more security tools don’t like it. So I decided to stop adding new features to XORSeach in C, and start programming a Python version to implement new features. This is a work in progress. For the moment, the Python version only supports XOR-encoding with a one-byte key,...

4w

Update: numbers-to-string.py Version 0.0.10

This new version of numbers-to-string.py, a tool to extract numbers from text files and convert them to strings, adds a verbose option (-v –verbose). Example: Running this with verbose option shows which lines were selected for number extraction: numbers-to-string_v0_0_10.zip (https) MD5: C7B8985C5A7D856F68A88BBD491375E6 SHA256: 8CED403C795E9287DD1500C8A0EFBF41F8837BE112113D425A7F8C97D9D1A27E

Aug 2020

Videos: Defective USB Cable

When I had issues with my portapack, it took me some time to remark that these issues only happened with a particular USB cable. The SDR would work fine, and then when I would try to record or playback, the screen would turn dark. You can see this in the following video: What is happening, is that this particular USB cable is electrically defective:...

Aug 2020

Overview of Content Published in July

Here is an overview of content I published in July: Blog posts: Update: base64dump.py Version 0.0.12 Tampering With Digitally Signed VBA Projects Quickpost: curl Update XORSearch Version 1.11.4 Update: oledump.py Version 0.0.51 Cracking VBA Project Passwords ndisasm 2.15 stdin Bug Fix Update: oledump.py 0.0.52 Update: zipdump.py Version...

Aug 2020

Update: pecheck.py Version 0.7.11

This is a bugfix version pecheck-v0_7_11.zip (https) MD5: D3B69575F0A08377D1A08886D34230FD SHA256: 2B59F745377EABDF81118997CA70F5F4DBC1CE927370F02C6E0262869F988FA9

Jul 2020

Update: InteractiveSieve 0.9.1

There are many new features in this update to InteractiveSieve (I neglected to publish updates). InteractiveSieve is a C# tool I developed to help me visualize and sift through logs (CSV files). I want to record a couple of videos to show what this tool can do. Here is a list of updates: Added Remember and >= <= popup menu commands Added...

Jul 2020