Didier Stevens

(blog DidierStevens)

Latest articles

Update: nsrl.py Version 0.0.3

I use my tool nsrl.py to match a list of hashes with the Reference Data Set of the National Software Reference Library. This is a Python 3 update and a small change to support a change in the RDS ZIP file structure. nsrl_V0_0_3.zip (https) MD5: A86E3EB076B467C64A520256556EDADA SHA256: 8760B20A918CD135B7D79F7567C240AEF4840325BE9656D684BFD119A017E86F

Overview of Content Published in February

Here is an overview of content I published in February:

Blog posts:
Update: oledump.py Version 0.0.59
Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets
Update: re-search.py Version 0.0.16
re-search.py And Custom Validations
Update: oledump.py Version 0.0.60

YouTube videos: tshark & Malware Analysis oledump...

Update: oledump.py Version 0.0.60

This new version of oledump.py brings an update to plugin plugin_biff to help with the recovery of protection passwords. oledump_V0_0_60.zip (https) MD5: BC7631059077294223BB225D16FB7186 SHA256: D847E499CB84B034E08BCDDC61ADDADA39B90A5FA2E1ABA0756A05039C0D8BA2

re-search.py And Custom Validations

My tool re-search.py is a tool that uses regular expressions to search through files. You can use regular expressions from a small builtin library, or provide your own regular expressions. And these regular expressions can be augmented with extra conditions, like validation with a custom Python function. I’m going to illustrate this here with a regular...

Update: re-search.py Version 0.0.16

This new version of re-search.py, my tool to search files with a builtin library of regular expressions, brings an update to the url and url-domain regexes to match hostnames with underscores (_) and a Python 3 fix. re-search_V0_0_16.zip (https) MD5: 21A7096116F50CCA051A152066B2DB50 SHA256: 4A3AC1B1BED68660316011F14EFC84B344BE3FF7E335CDFA8F1AAA2C0D2D06B0

Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets

My new version of plugin_biff.py has a new option: --hexrecord. Here I’ll show how I use this to remove the sheet protection from malicious spreadsheets. If you want to open a malicious spreadsheet (for example with Excel 4 macros) in a sandbox, to inspect its content with Excel, chances are that it is protected. I’m not talking about encryption (this...

Update: oledump.py Version 0.0.59

This new version of oledump.py has a small change in the XML detection logic, and adds options --hexrecord and --xordeobfuscate to plugin plugin_biff.py. oledump_V0_0_59.zip (https) MD5: 89CC85EDADA0BB6978A75BA37065A65D SHA256: BE62B45AE20D3BF5B3C335742F08067297079F6B8431A5CC82401BF67BFA50F6
