Didier Stevens

(blog: DidierStevens)

Latest articles

Quickpost: dig On Windows

I found out there’s a dig command for Windows. I group small tools like this inside a bin folder. But dig relies on a set of DLLs that should also be in the PATH, so I put them in the same bin folder. These are the DLLs dig.exe needs: libbind9.dll libcrypto-1_1-x64.dll libdns.dll libirs.dll libisc.dll libisccfg.dll libuv.dll libxml2.dll...

Quickpost: Downloading Files With Windows Defender & User Agent String

@mohammadaskar2 found out you can use Windows Defender to download arbitrary files. Like this: "c:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\mpcmdrun.exe" -DownloadFile -url http://didierstevens.com/index.html -path test.html This command uses MpCommunication as User Agent String: Update: this download feature has been disabled....

Overview of Content Published in August

Here is an overview of content I published in August: Blog posts: Videos: Defective USB Cable Update: numbers-to-string.py Version 0.0.10 New Tool: XORSearch.py Update: oledump.py 0.0.53 SANS ISC Diary entries: Small Challenge: A Simple Word Maldoc Small Challenge: A Simple Word Maldoc – Part 2 Wireshark 3.2.6 Released Small Challenge:...

Update: oledump.py 0.0.53

This new version of oledump.py has bug fixes, updates for the -s and --raw -v options, plugins, and a bug fix for plugin_vbaproject. Streams can now be selected (-s --select) by name too. Make sure to include the single quotes: oledump_V0_0_53.zip (https) MD5: C26EB56580D65B2E856169A3EFC9BC03 SHA256: A10D90284F10C6D7811E2573049FE0F8315F04129846898C88E0184423988CD9

New Tool: XORSearch.py

XORSearch, written in C, is a tool of mine I started 10+ years ago. But more and more security tools don’t like it. So I decided to stop adding new features to XORSearch in C, and start programming a Python version to implement new features. This is a work in progress. For the moment, the Python version only supports XOR-encoding with a one-byte key,...

Update: numbers-to-string.py Version 0.0.10

This new version of numbers-to-string.py, a tool to extract numbers from text files and convert them to strings, adds a verbose option (-v --verbose). Example: Running this with the verbose option shows which lines were selected for number extraction: numbers-to-string_v0_0_10.zip (https) MD5: C7B8985C5A7D856F68A88BBD491375E6 SHA256: 8CED403C795E9287DD1500C8A0EFBF41F8837BE112113D425A7F8C97D9D1A27E

Videos: Defective USB Cable

When I had issues with my portapack, it took me some time to notice that these issues only happened with a particular USB cable. The SDR would work fine, and then when I would try to record or play back, the screen would turn dark. You can see this in the following video: What is happening is that this particular USB cable is electrically defective:...

Overview of Content Published in July

Here is an overview of content I published in July: Blog posts: Update: base64dump.py Version 0.0.12 Tampering With Digitally Signed VBA Projects Quickpost: curl Update XORSearch Version 1.11.4 Update: oledump.py Version 0.0.51 Cracking VBA Project Passwords ndisasm 2.15 stdin Bug Fix Update: oledump.py 0.0.52 Update: zipdump.py Version...

Update: pecheck.py Version 0.7.11

This is a bugfix version. pecheck-v0_7_11.zip (https) MD5: D3B69575F0A08377D1A08886D34230FD SHA256: 2B59F745377EABDF81118997CA70F5F4DBC1CE927370F02C6E0262869F988FA9

Update: InteractiveSieve 0.9.1

There are many new features in this update to InteractiveSieve (I neglected to publish updates). InteractiveSieve is a C# tool I developed to help me visualize and sift through logs (CSV files). I want to record a couple of videos to show what this tool can do. Here is a list of updates: Added Remember and >= <= popup menu commands Added...
