Didier Stevens

Wednesday 4 November 2015

Overview of Content Published In October

Filed under: Announcement — Didier Stevens @ 15:31

Here is an overview of content I published in October:

Blog posts:

Videoblog posts:

SANS ISC Diary entries:

Monday 19 October 2015

New workshop videos: Malicious Office Documents Part 1

Filed under: Announcement — Didier Stevens @ 6:00

This week I will teach my Malicious Office Documents workshop at hack.lu, explaining how to use my oledump tool.

If you can not attend and are interested, I sell videos for this new workshop. And I also do a promo: if you buy my bundle of 3 workshops, you get the new Malicious Office Documents Part 1 workshop for free. In a nutshell: you pay €60 for 4 workshops in stead of €100.

Wednesday 22 July 2015

“Analysing Malicious Documents” Training At 44CON London

Filed under: Announcement,Didier Stevens Labs,Forensics,My Software — Didier Stevens @ 0:00

I’m teaching a 2-day class “Analysing Malicious Documents” at 44CON London.

Here is my promo video:

Friday 26 December 2014

YouTube Video Promo

Filed under: Announcement,Didier Stevens Labs — Didier Stevens @ 10:24

I produced 21 technical videos this year. You can find them on YouTube and my video blog (sometimes I also post beta versions of my new tools along with the video on my video blog).

I decided to run a promo for my Didier Stevens Labs videos: If you buy one of my products, you get to download the original MP4 files I uploaded to my free YouTube channel. This offer is also valid for existing clients.

YouTube Video Promo

Tuesday 30 September 2014

Announcement: PDFiD Plugins

Filed under: Announcement,My Software,PDF — Didier Stevens @ 21:30

I have a new version of PDFiD. One with plugins and selections.

Here’s a preview:



Friday 4 April 2014

Announcement: Wireshark Lua Dissectors

Filed under: Announcement,My Software,Networking,Wireshark — Didier Stevens @ 10:18

To promote my Hack In The Box Wireshark training, I’ll start to publish some Lua dissectors.

Here is a screenshot of my TCP Flags dissector. It was generated (and adapted) with my Wireshark Lua dissector generator. It displays TCP flags like Snort does.

You can clearly see the SYN – SYN/ACK – ACK phase of the first TCP connection (packets 1, 2 and 3).


Friday 30 August 2013

Brucon Hacking PDF Training

Filed under: Announcement,Didier Stevens Labs,PDF — Didier Stevens @ 8:56

When you register before September 7th with discount code MC201305 you will get 5% discount.

What do you want from training? I want to gain knowledge. I designed my “Hacking PDF” training with this goal in mind.

“Hacking PDF” is a 2-day training focusing on the PDF language, not on reversing PDF readers. By attending this training, you will first acquire knowledge about the PDF language. And then we will use this knowledge to analyze malicious PDFs (day 1) and create PDFs for fun and profit (day 2).

Learning to use tools is nice, and learning new skills is interesting. But I want more. I also want to get a deep understanding of the subject. Because with this knowledge, I can develop new tools and invent new techniques.

On day one I explain the fundamentals of the PDF language. We take a look at several features of the language that malware authors use and abuse. And then we start analyzing PDFs. You learn to use my tools pdfid and pdf-parser on 20 simple PDF exercises. The exercise is to find the malicious behavior of the PDF, the goal is to gain understanding of PDF malware. And then we move on to the real deal: analyzing real, in-the-wild PDF malware.
On day two we use our understanding of the PDF language and PDF malware to create our own PDF files and modify existing PDF files. This is done with pure Python tools and other free tools. Adobe products are not used in this training, except to view PDFs. We will learn to do simple and smart fuzzing of PDFs, create PDFs that exploit vulnerabilities in PDF readers, embed files and PDFs, and a lot of other interesting hacks …

You can find a “Hacking PDF” slideshow here.

There are not many pre-requisites for this training:
1)    You don’t need to know anything about PDF, I will teach you what we need to know.
2)    We use Python scripts, but you don’t need to be a Python programmer. We will modify existing scripts, so a bit of programming knowledge like if statements and loops is enough.
3)    Not need to understand assembly or shellcode, we use a shellcode emulator. And I will provide you the shellcode for day 2, you do not need to write it yourself.
4)    You need to be at ease with the command-line
5)    A security mindset is an advantage ;-)

When you register before September 7th with discount code MC201305 you will get 5% discount.

Monday 29 July 2013


Filed under: Announcement — Didier Stevens @ 0:00

I’m attending OHM2013. To mark the occasion of this outdoor hacker conference taking place every 2 years, I’m doing a 20% promo on my workshop videos.

In case you missed it, I posted this during the weekend: MSI: The Case Of The Invalid Signature.

Wednesday 16 January 2013

ISSA Journal Article ; HITB PDF Training

Filed under: Announcement,Forensics,Hacking,Networking,PDF — Didier Stevens @ 8:39

The ISSA Journal featured my article on Network Device Forensics, making it available to everyone.

And I’m giving a 2-day training on PDF at Hack In The Box Amsterdam 2013.

Tuesday 1 January 2013

MVP – Promo – Datapipe.xls

Filed under: Announcement — Didier Stevens @ 17:40

Today I received my 3th MVP award from Microsoft: MVP 2013 Consumer Security.

To celebrate this, I’ve 2 things for you:

  1. A 20% promo on my videos.
  2. A new utility: datapipe.xls. And like a real New Year present, you’ll have to open it to find out what it is ;-) More details later.

datapipe_V0_0_0_1.zip (https)
MD5: 5BF1594E8144B694431E7A7E3BDF33F7
SHA256: 57CD06EBFEC1C5C2661E44260A7304DFCDEEB2F54132E0627A474AF756AFA956

Next Page »

The Rubric Theme. Blog at WordPress.com.


Get every new post delivered to your Inbox.

Join 342 other followers