Didier Stevens

My Software

This list is a work in progress. It will list all my published software with cross-referenced blogposts.

If you get errors running one of my programs, read this first.

Applications:

AnalyzePESig: Analyze digital signature of PE file

apc-b: Send beacon frames with AirPcap

apc-channel: AirPcap channel hopper

apc-pr-log: AirPcap probe requests logger

Ariad: Tool (driver) to prevent inserted USB sticks from executing code

avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file

base64dump: Extract base64 strings from file

BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)

bpmtk: Basic Process Manipulation Tool Kit

BruteForceEnigma: C# program to bruteforce ENIGMA encoded text

byte-stats: Calculate byte statistics

CASToggle: Utility providing more control over .NET CAS enforcement

Challenger: Small program for simple reverse-engineering challenges

cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device

ClipboardTransformer: Clipboard utility

cmd-dll: ReactOS cmd.exe transformed into a dll

count: count unique items

CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest

defuzzer: Generate the original file by combining fuzzed files.

disinformational-tweets: Python program to Tweet (obsolete)

disitool: Tool to work with Windows executables digital signatures

DumpStrings: 010 Editor Script to dump strings (integrated since version 4)

EICARgen: Program to generate an EICAR file (EICAR AV test file)

emldump: Analyze MIME files

EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)

extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file

file2vbscript: Embeds an executable into a VBScript script

FileGen: Command-line program to create test files of different lengths

FileScanner: Tool to scan files for patterns

find-file-in-file: Check if a file is embedded inside another file, even non-contiguous

fuzzer: 010 Editor Script implementing a simple fuzzer

HeapLocker: Process hardening tool, a bit like EMET, but open source

InstalledPrograms: List installed programs with Excel/VBA

InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”

js-1.5-mod: SpiderMonkey JavaScript interpreter modifications

js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications

js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript

js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes

ListModules: Analyze digital signature of all executables in processes

ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI

LNKTemplate: 010 Editor Template for LNK file format

LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key

LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer

lookup-tools: IP-address and hosts lookup tools

LowerMyRights: Restricts the rights of an existing process

make-pdf: Set of Python programs to generate all kinds of PDF files

md5_authenticode: MD5 Authenticode collision PoC

MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer

my-shellcode: My shellcode collection

MyEFSService: PoC for Malicious Cryptography blogpost

MySafeModeService: PoC for Playing with Safe Mode blogpost

NAFT: Network Appliance Forensic Toolkit

NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA

NewPasswordStats: Password auditing password filter

nmap-xml-script-output: nmap xml script output parser

nocalcpoc: No calc PoC

nsrl: NSRL tool

oledump: Analyze OLE files (Compound Binary Files)

OllyStepNSearch: Plugin for OllyDbg

pcap-rename: program to rename pcap files with a timestamp

pdf-parser: PDF analysis program

pdfid: PDF triage program

PDFTemplate: 010 Editor Template for PDF file format

pecheck: wrapper for pefile

peid-userdb-to-yara-rules: Convert PeID userdb to YARA rules

PFTemplate: 010 Editor Template for PF file format

psurveil: Photo Surveillance for N800

re-search: Program to use Python’s re.findall on files

regedit-dll: ReactOS regedit.exe transformed into a dll

RTStego: Rainbow table steganography

runasil: Launches program with a low integrity level

RunInsideLimitedJob: Start program and run it inside a limited job

SE_ASLR: Force ASLR on Windows Explorer Shell Extensions

search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards

SelectMyParent: Launch a program and select its parent

SendtoCLI: GUI tool for CLI commands

setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable

shellcode2vba: Convert shellcode to VBA

shellcode2vbscript: Convert shellcode to VBA

ShellCodeLibLoader: ShellCode With a C-Compiler

ShellCodeMemoryModule: Generates DLL-loading shellcode from memory

shift: 010 Editor Script to shift bytes in a file or selection

simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)

split: Split a text file into X number of files (2 by default)

Suspender: DLL that suspends its host process

TaskManager: Windows Task Manager written in Excel/VBA

TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost

translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)

ultraedit_scripts: Collection of UltraEdit scripts

UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key

USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged in

UserAssist: Decode the UserAssist registry data

virtualwill: HTML program to store your will

VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user

virustotal-search: Search VirusTotal for provided hashes

virustotal-submit: Submit files to VirusTotal for scanning

vs: Python program to take surveillance pictures from IP-cameras

whoami: Firefox addon to identify your profile

WMFTemplate: 010 Editor Template for WMF file format

wmi-sc: WMI script for Security Center data

wsrradial: wi-spy radial WiFi plotting tool

wsrtool: wi-spy wsr files tool

XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string

XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings

zipdump: ZIP dump utility

ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP


AnalyzePESig: Analyze digital signature of PE file

AnalyzePESig_V0_0_0_1.zip (https)

MD5: 4BE29E4A5DE470C6040241FD069010C4

SHA256: FB83C6491690402273D42A3335777E77EA29328F5FE8503FF6F5EF62833D1FBC

  Referenced in post(s):

  Searching For That Adobe Cert



AnalyzePESig_V0_0_0_2.zip (https)

MD5: 738F97F76921FA2220368B3F4190F534

SHA256: E0D43E04AFD242307E3E6B675A650952D2605F45FE55F0B883ACF5B22BA32A01

  Referenced in post(s):

  Update: AnalyzePESig Version 0.0.0.2



AnalyzePESig_V0_0_0_3.zip (https)

MD5: C012D41535CC570F3C4947FDA9559489

SHA256: 3C26F3BEA2B20AA65F2384AC8B709AB7C0D9A51ED544987C9932994536884BD7



AnalyzePESig_V0_0_0_4.zip (https)

MD5: 3E90FFE0C9D42A16EB7903CE0C27B778

SHA256: 6953C838F9710E8ED0E28D7F062D89B0381BACB162C8C09D192E83BD745789B6



AnalyzePESig_V0_0_0_5.zip (https)

MD5: EC65D3F269445B7E876F232CE5C57A16

SHA256: 897EE65C741D2FEEF23C512FE43D9E477F9CAB0B338078703F8D860257D0C437

  Referenced in post(s):

  Authenticode Tools



apc-b: Send beacon frames with AirPcap

apc-b_v0_1_1.zip (https)

MD5: 9FC457B8CC646BEA2BC6E28AB8E43376

SHA256: 45B6F92362EBEC877F04D92C38E4362187410855DCB6C913771B055BDFC338F8

  Referenced in post(s):

  Quickpost: Sending WiFi Beacon Frames with an AirPcap Adapter



apc-b_v0_2_0.zip (https)

MD5: 849DE418A1F325B9DC133DBE2E7CC501

SHA256: C3F28DCEFE6FF747780E384E49BB4D373BC983518C592E1BB18E8455F78E7F95

  Referenced in post(s):

  _nomap, _nomap, _nomap, …



apc-channel: AirPcap channel hopper

apc-channel_v0_1.zip (https)

MD5: DB385401E39C0FB0C8278DE9D76E6A14

SHA256: 09E6A7DE54B339CA8EACBBD7A944214CA0FD466B93CFAA818B38D2AD30551C2B

  Referenced in post(s):

  Quickpost: WiFi Channel Hopping with an AirPcap Adapter



apc-channel_v0_2.zip (https)

MD5: 52169F5CB679E6C0DF1F8D47DA38F779

SHA256: 59F4BEE229F5EF5B7AF27BAF6AA972DCDC9E6A6007E8E468AE7BC7C3F1CB89DD

  Referenced in post(s):

  AirPcap Channel Hopping With Python



apc-pr-log: AirPcap probe requests logger

apc-pr-log_v0_1.zip (https)

MD5: 63C0F6F130DC186925BE1B9A66152455

SHA256: CC9D3EFE893BE6F6C263D248C695DFAB08548AE246E1772C2EBF220EB43F7277

  Referenced in post(s):

  Quickpost: WiFi Probe Request Logging with an AirPcap Adapter



Ariad: Tool (driver) to prevent inserted USB sticks from executing code

Ariad_V0_0_0_1.zip (https)

MD5: 31FC46BBE3216413848C146899F08C07

SHA256: ADA979C5F2D1FA414EF834191289CF819810131516E913DBCD82132E519A24D2



Ariad_V0_0_0_2.zip (https)

MD5: B828254F54132BD9C61D7EA0E4646983

SHA256: 98AB541AC1F392159A4428BC23C48153CE784FED0A44E950CC45D2DF14738708



Ariad_V0_0_0_7.zip (https)

MD5: A1F48BF9568A19E4344CE872A7B433DD

SHA256: 7CF8D0F47C44D4AF58C8B13B488189D2CFC63B47139C634FF06114C0C9DFD3DC



Ariad_V0_0_0_8.zip (https)

MD5: B8E46212CA56B7BD056BA30E84DF8596

SHA256: 99620D77B23C21BC1C020352C5E9CCC467A4C450E0C69AA6FFBCE7227063964C

  Referenced in post(s):

  Ariad



Ariad_V0_0_0_9.zip (https)

MD5: C41EFF12D1C454595C5F8B8EBB09DA69

SHA256: DC0F40BA397E19FDFED67E287E0CF24FB55314B9760477D3783D492043FFF698

  Referenced in post(s):

  Ariad



avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file

avr-teensy-pdf-dropper_V0_0_0_1.zip (https)

MD5: EA14100A1BEDA4614D1AE9DE0F71B747

SHA256: 2C9A5DF1831B564D82548C72F1050737BCF17E5A25DCDC41D7FA4EA446A8FDED

  Referenced in post(s):

  Teensy PDF Dropper Part 2



base64dump: Extract base64 strings from file

base64dump_V0_0_1.zip (https)

MD5: 350C12F677E08030E0DD95339AC3604D

SHA256: 1F8156B43C8B52B7E5620B7A8CD19CFB48F42972E8625994603DDA47E07C9B35

  Referenced in post(s):

  base64dump.py Version 0.0.1



base64dump_V0_0_2.zip (https)

MD5: EE032FAB256D44B2907EAA716AD812C5

SHA256: 1E5801DD71C0FFA9CA90D2803B46275662E222D874E409FF31F83B21E6DEC080

  Referenced in post(s):

  Update: base64dump.py Version 0.0.2



base64dump_V0_0_3.zip (https)

MD5: CF214FDFE9B83E39DC8484C137050569

SHA256: 4F1B2764CCD40E0276FFC3F81E3C0B55E4C844D469C4E313A99FB13F0B5621C0

  Referenced in post(s):

  Update: base64dump.py Version 0.0.3



BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)

BinaryTools.zip (https)

MD5: 7A70F0E6A6F89550E0B65BE5611339F8

SHA256: 26A03D0B3E8CDE768976D006F1C187E5B0EF3BB51663403964BDEDF4C606E9CB

  Referenced in post(s):

  Binary Tools



bpmtk: Basic Process Manipulation Tool Kit

bpmtk_v0_1_1_1.zip (https)

MD5: E33F7F95B409E1A0B65766821F7E26F5

SHA256: 8C0E5A04B0F5909462505582873A34AAEA5B6DC8469D3784FEAE7E9FBD349EFA



bpmtk_v0_1_2_0.zip (https)

MD5: 6ABDF2E69F153E8C6282C2DD934735DF

SHA256: 9F3328AD39F318A7F61071EC0C9341C6228B02E9F91F035E6EA8769EF27D3A34



bpmtk_v0_1_3_0.zip (https)

MD5: ECC621E653BCC32694B56AEBDABE6140

SHA256: E39C04C3CF35B8642255CF03E4185490C0FB6A0AEDBD73551E2851A0E5E5069B



bpmtk_v0_1_4_0.zip (https)

MD5: 1BF31C6885326C3C7A1B37C42E9F9DFA

SHA256: 5DF5AFDB93F19974CCDCCEFADAE52A3277AAA31FC24DCAAE6259F9DB9DA865C1



bpmtk_V0_1_5_0.zip (https)

MD5: 3F24041EE1C5C681D3EB3E7481ABC776

SHA256: B08233F9EBC541676B0807FEA7075D324ACC7B1679B130AEE8556DFD797B5EC2

  Referenced in post(s):

  bpmtk: Injecting VBScript



bpmtk_V0_1_6_0.zip (https)

MD5: FD4DA1B404961E6DB45469A27A201F41

SHA256: 5667AD1D153C5F93E509042D94491654AB742C6880DFE10366CA44E8D7EFE0D1

  Referenced in post(s):

  Update: bpmtk with hook-createprocess.dll



BruteForceEnigma: C# program to bruteforce ENIGMA encoded text

BruteForceEnigma.zip (https)

MD5: A9FEBBABA207E7C3790D075FD3A3D22B

SHA256: DE15922575F3F5BC56F7528F7F8C7F33D70B3163A2B33B503CA8B7C3BC4492E8

  Referenced in post(s):

  Brute Forcing Enigma



byte-stats: Calculate byte statistics

byte-stats_V0_0_1.zip (https)

MD5: A884E999B58A54A1C2F83C8E592CD01B

SHA256: B9D55B02534F1B1C158CE9CB067F4E5B37E47FA2A6CA4677F0E29DD3A160731E



byte-stats_V0_0_2.zip (https)

MD5: E7225860207EB93F2F6C2A808C7FA720

SHA256: FD1D733B4DAC1B7FFAB5B6279619D8B97A76049C86C110DCFB5C3EDFA53F328D



byte-stats_V0_0_3.zip (https)

MD5: 4287A94EC56E0BF5A936C2A16DA7F2B4

SHA256: 310B15865B332FF62F2C70CE441D322491DB79BC5D1C8D8BBC9A7245005491B5

  Referenced in post(s):

  byte-stats.py



CASToggle: Utility providing more control over .NET CAS enforcement

CASToggle_V0_1_1_0.zip (https)

MD5: D565937B49DF96E6A8B88FEDCF15D82A

SHA256: 6DC6913136C74592C4833D1EEF5D70B4DA83AA9A111BC8DE6DDF16A709EF7E91

  Referenced in post(s):

  CASToggle



Challenger: Small program for simple reverse-engineering challenges

Challenger_V1_0_0.zip (https)

MD5: FC71CAA3F99CB6EE9094098D60B7E4C3

SHA256: 9CBE129AC7161B12FAE4A65078159350624703CB8A4604F63694322064A2962C

  Referenced in post(s):

  Challenger



cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device

cisco-calculate-ssh-fingerprint_V0_0_1.zip (https)

MD5: 5A6C3A2C466908EE7EFB06727E8D02B7

SHA256: 831CAF7BBF0F6C584436C42D9CEB252A089487B715ADBB81F9547EEB3ED6B0B8

  Referenced in post(s):

  Calculating a SSH Fingerprint From a (Cisco) Public Key



cisco-calculate-ssh-fingerprint_V0_0_2.zip (https)

MD5: C304299624F12341F9935263304F725B

SHA256: 2F2BF65E6903BE3D9ED99D06F0F38B599079CCE920222D55CC5C3D7350BD20FB

  Referenced in post(s):

  Update: Calculating a SSH Fingerprint From a (Cisco) Public Key



ClipboardTransformer: Clipboard utility

ClipboardTransformerBeta.zip (https)

MD5: FF653016801DA4D12F5BB852703E2D7D

SHA256: 2B9F54145F1396D7FEB259F987DA0315AB168F3FDA03EEEE5AF3BD046223AF7B



ClipboardTransformerBeta2.zip (https)

MD5: D52B3B1BF0D69F0376EA49CB1A6AC108

SHA256: 41392B9DD88B530B747CD9CC16CDC0AC724272B103D665F8BE65041C0AD86295



cmd-dll: ReactOS cmd.exe transformed into a dll

cmd-dll_v0_0_1.zip (https)

MD5: 4BC42E3744FA780C5C2442F7836B8287

SHA256: BC7656E52476387650E2894C6D3952807BED5D3BFCFCCC4516B44A60DBDB3563

  Referenced in post(s):

  cmd.dll



cmd-dll_v0_0_2.zip (https)

MD5: 9B3C1FA7EB7F7F8528D27CE2DD5C24B5

SHA256: 83D6397F4D75195C73394075522C1E7F5C96E1F3B5C4E70DAED34955C8B613C7

  Referenced in post(s):

  Excel with cmd.dll & regedit.dll



cmd-dll_v0_0_3.zip (https)

MD5: 88FB19DCB612F588CAF7508232F64DDE

SHA256: 111458061018D9133347D56CE9E58ADBC7CA167AD69E04F8036DFD5008ADEA99



cmd-dll_v0_0_4.zip (https)

MD5: D9D75A10F2C328B708303F9BD24B9AD3

SHA256: 952CFB833D4F22093D7DF837372239A1199C1738FFFFED76124AF8668F4D3877

  Referenced in post(s):

  Windows Backup Privilege: CMD.EXE



count: count unique items

count_v0_1_0.zip (https)

MD5: B96B5ECF9361D44D9366071C9C07FF86

SHA256: 102F346529F34C0EF932ADC3D3CF003ADBA2DFCD8BCE23DBF36425A555345DB5



CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest

CounterHeapSpray.zip (https)

MD5: 1947380F935AE0B1A8828DE79621F82F

SHA256: CA0BF635655EE05ABED117C858BC86ECDF3EBB4C39544D7D0C396D7C457F1BBC

  Referenced in post(s):

  My BlueHat Prize Entry: CounterHeapSpray



cut-bytes_V0_0_1.zip (https)

MD5: 48CEBD6748E152CBF619EF10B58E8DFF

SHA256: E99BC09DA0F1310085ED1520D52FB188D06456D030BD05A941FCE2B5FE21A661

  Referenced in post(s):

  cut-bytes.py



cut-bytes_V0_0_2.zip (https)

MD5: B70F851CE74859B38AC3ABA9688593EB

SHA256: 1A0BD64334DA90B21888020B383004A18C3BAEE211D24AA91FF12719F8581AE9

  Referenced in post(s):

  Update: cut-bytes.py Version 0.0.2



datapipe_V0_0_0_1.zip (https)

MD5: 5BF1594E8144B694431E7A7E3BDF33F7

SHA256: 57CD06EBFEC1C5C2661E44260A7304DFCDEEB2F54132E0627A474AF756AFA956

  Referenced in post(s):

  MVP – Promo – Datapipe.xls



defuzzer: Generate the original file by combining fuzzed files.

defuzzer_v0_0_2.zip (https)

MD5: 75188EF950625B78937C3473D825C582

SHA256: 056AB8BA7F3B2B52F8C7BFC2959D7F1AE3FEAC4BE90C675B2DFF6B521225D93E

  Referenced in post(s):

  The Art Of Defuzzing



DidierStevensSuite.zip (https)

MD5: 5CFAD64C3A9D03C44B8BEB8D7E9796CD

SHA256: B66CDAD0C5BEE30BC02135C0C2B9086A930C19D81E75CB8DDB338CF000D9DF78

  Referenced in post(s):

  Didier Stevens Suite



disinformational-tweets: Python program to Tweet (obsolete)

disinformational-tweets_v0_0_1.zip (https)

MD5: 36CDB584634ED299E7ACE0D64E846003

SHA256: C5FCE76443549C3A8882B799B6F7A754EF6AEE5F11F3E94FF255EE541205C17B

  Referenced in post(s):

  Quickpost: Disinformational Tweets



disitool: Tool to work with Windows executables digital signatures

disitool.zip (https)

MD5: 896121FBECEF00C4DE84743A13D3E696

SHA256: AFB374E06760470D070022BD97C518808545435910CF13472398B1FA15E50B9C



disitool_v0_2.zip (https)

MD5: 4C7196F5AD581275B8B8CBC4930FF338

SHA256: 075CED9FDD633A6D0A11029107206F845AF055AFC3872E7D82801A1D83AED64F



disitool_v0_3.zip (https)

MD5: 08D1CA036DC905D8E42AB3016A1B7821

SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8

  Referenced in post(s):

  Disitool



DumpStrings: 010 Editor Script to dump strings (integrated since version 4)

DumpStrings_V0_0_1.zip (https)

MD5: 50C0C92F28020E7BCABBF46CA8775CCE

SHA256: 7EC688DBB0FD95C828067662C9ED8BBCFFEFBE5EA37B607DC8DFA1BDCB94365C

  Referenced in post(s):

  DumpStrings.1sc



EICARgen: Program to generate an EICAR file (EICAR AV test file)

EICARgen_V1_1.zip (https)

MD5: EACBE699FFB0B9B56B6F2BCDBA810D6E

SHA256: 5D44B15BDE92679DF0C216D5890C7EE9345B8782D25B01324B27CACAC918EFB6



EICARgen_V2_0.zip (https)

MD5: D346A3725622F981DDA7221799EF08E8

SHA256: 2DF76319D8513B1AD70D327816D3C1028B261EF1E314243DCD0DEC14FF1FC7CE

  Referenced in post(s):

  EICARgen: An Arms Race



EICARgen_V2_1.zip (https)

MD5: CE65A30355B059C4A099BEC6837DF19C

SHA256: 58CF69C21FF948B77055952E2F1681467DDB100FF5D90CA268B7A701167FCD3D

  Referenced in post(s):

  EICARgen



emldump: Analyze MIME files

emldump_V0_0_1.zip (https)

MD5: F31810449FB83ACF687BB994270E71C8

SHA256: 83647569AEBF85337B86F30ED3C55A085268D6C3B575225FE695C7A130D9A0E7



emldump_V0_0_2.zip (https)

MD5: 0EBFEC3A207B2629B702FF8D0F4F5406

SHA256: C1DC65DE5092C2F35C5EAE2E8CE38B531B8F28051195EE12B11ED8830C9B9896



emldump_V0_0_3.zip (https)

MD5: FB080006C2653F3A2AD6E889FC957D5F

SHA256: 0D55DE704BDE558B6E8E5F823C513F19F8A5FD5B2A97BB8BD5EBB5FAD18FA658

  Referenced in post(s):

  Release: emldump.py Version 0.0.3



emldump_V0_0_4.zip (https)

MD5: 79DF66048849439E6034F082606A37A1

SHA256: B4AFDE89B6F3B025595A6FD1ACC5F60498BF900D18E624F134F618115DAC0E08

  Referenced in post(s):

  Update: emldump.py Version 0.0.4



emldump_V0_0_5.zip (https)

MD5: 5FAEDF1459114306D57FEABEF3CDDEFD

SHA256: B3D08E1768E1211C44680DD502AC096A324FF209330657F4ABC0CD09B888254C

  Referenced in post(s):

  Update: emldump.py Version 0.0.5



EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)

EnforcePermanentDEP_V0_0_0_1.zip (https)

MD5: B0A89B0CE8DC5BA2472B3D744D40E4A3

SHA256: 525BA6EF82BD2B0ABD30DAD0D676CE085A9FA6E0DE3E3A8A0ADD6DF050F5A635

  Referenced in post(s):

  EnforcePermanentDEP



extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file

extractscripts.zip (https)

MD5: D40AFBB62A304C20B0BF06DA70B6DBF4

SHA256: 23245B1999973E6D8619BCEDB9090CF94D7ECD3F0865B1F47402AD77B18CD356

  Referenced in post(s):

  ExtractScripts



file2vbscript: Embeds an executable into a VBScript script

file2vbscript_v0_3.zip (https)

MD5: B6B364BE69F8B2A4D554E9196B3D5A6D

SHA256: 2091DDB9C4B9F0A7450DD7B9BF0731D4C9D38BD5B145C1B151FC2E508DEA0ADE

  Referenced in post(s):

  Quickpost: Embedding an Executable in a VBscript



FileGen: Command-line program to create test files of different lengths

FileGen_V1_0_0.zip (https)

MD5: 6AAAB254D4BB10AC6320C7106C04FA79

SHA256: D7BE1E64BAD8DE33EDAD6A218E0B8E4BC53E011E3B1175F05E384A63C4BF24D7

  Referenced in post(s):

  FileGen



FileScanner: Tool to scan files for patterns

FileScanner_V0_0_0_1.zip (https)

MD5: 9EE883A4E28A6D0649F6D7787BD76ED4

SHA256: 5AA71E6F4FED8E45A22B49FD9A0417933F7218AF9300FDEF24FEF696CF012F61

  Referenced in post(s):

  Introducing Filescanner.exe



FileScanner_V0_0_0_2.zip (https)

MD5: 9A89333C13DBB669A94226F57E5D919A

SHA256: 5F46312B06AE865957A36B95A4C2DDC41F20113B0E51B7F083A50929B38BD0F9

  Referenced in post(s):

  FileScanner.exe Part 2



FileScanner_V0_0_0_3.zip (https)

MD5: D9A7BA5874C10B10BF380D03E49C82A6

SHA256: C89FF7DBDB71A22E2A88C16ECD65E36619BD8EA39A77036404B6F4B1049D21E5

  Referenced in post(s):

  FileScanner.exe Part 4



FileScanner_V0_0_0_4.zip (https)

MD5: 4BB8F475328B9EB214E6B9405F84816E

SHA256: 5D3B1408C5D2BD17C0441D0D9D0DA565E8D690DE792971092956F4CA10D5A071



find-file-in-file: Check if a file is embedded inside another file, even non-contiguous

find-file-in-file_v0_0_1.zip (https)

MD5: 2984F01404770B92953823D39907B055

SHA256: 1AD124A9A31DACFE1FC9F3B89B3117D3A70D5BC15B712CC1748BEA893612686C

  Referenced in post(s):

  Finding Contained Files



find-file-in-file_v0_0_3.zip (https)

MD5: 8691158700079C786F6905F0CA0F32BC

SHA256: 84506CED140F309503E723831A9EFB99A8CC213532BEB56E00BC4BA5FE235797

  Referenced in post(s):

  Update: find-file-in-file.py Version 0.0.3



find-file-in-file_v0_0_4.zip (https)

MD5: CD381616158BD233D94B368554B824C6

SHA256: FD5C4E3EC99371754E58B93D3D96CBA7A86C230C47FC9C27C9B871ED8BFB9149

  Referenced in post(s):

  Update: find-file-in-file.py Version 0.0.4



find-file-in-file_v0_0_5.zip (https)

MD5: 1463DBAB808BBE40AC7919BC9A77303D

SHA256: C269B1995B61F0EDE24E4E9C64D5DD64E79B5ED6DD2126E94AF52E15D90C427F

  Referenced in post(s):

  Update: find-file-in-file.py Version 0.0.5



fuzzer: 010 Editor Script implementing a simple fuzzer

fuzzer_v0_0_1.zip (https)

MD5: E9B7114952E81A504C7CF3B06B99B5CF

SHA256: CF399EE2D86B6039236608F4FE882E579D7DCFED1DA980B4124ED06FD0C5807A

  Referenced in post(s):

  fuzzer.1sc



HeapLocker: Process hardening tool, a bit like EMET, but open source

HeapLocker64_V0_0_1_0.zip (https)

MD5: F3D43A29CE64F9418AA154C66B0B06A4

SHA256: 7EFF1D9EA20B522D76034DC4CB66E2FD7AC43E585987FC9ABF7EF8EB801FBC6C

  Referenced in post(s):

  HeapLocker

  HeapLocker 64-bit



HeapLocker_V0_0_0_1.zip (https)

MD5: EE0ED3FC2C9A5A3497A7286BFB476978

SHA256: C2B7F0BB8F1D1EDCCFCFE612412B40A12B89F4BE888BB50F872E04FD2F9BBA5F



HeapLocker_V0_0_0_2.zip (https)

MD5: 66204745155E8F75B9A152F2E8D416EB

SHA256: A334957AC8707DFC947C6B70F8F3D7337902969CFF3D6099597B3CB31BC3D4A8



HeapLocker_V0_0_0_3.zip (https)

MD5: F4F9AD7139C4D7FB3B0B149FA5961A56

SHA256: 7DD72256EE9C189A234234FD7758E9251F813FF253E0387C9D8188D8155FDDA4

  Referenced in post(s):

  HeapLocker



InstalledPrograms: List installed programs with Excel/VBA

InstalledPrograms_V0_0_1.zip (https)

MD5: 0BF27B9D4B6316381E0AADC1777B7F8F

SHA256: 60AF8234BD10E12221CAD3D2544222819CB0CC0834E339084590860F30E0D580

  Referenced in post(s):

  InstalledPrograms.xls



InstalledPrograms_V0_0_2.zip (https)

MD5: 383D9EC2B520E930A8484F1BD0B99534

SHA256: B174A5A9A366799B5C7CB99D6FD83643E5AE8155FBC52ADCEDA836FFF9281766

  Referenced in post(s):

  Update: InstalledPrograms.xls V0.0.2



InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”

InteractiveSieve_V_0_6_0.zip (https)

MD5: 37DDEA0A289AB7E6F826A7BDF46B5C81

SHA256: 2AA5F24A3432C4D16837A7B9BA818D19C54C6047745A9B3E1DE30B51BE9B2AC5



InteractiveSieve_V_0_7_2_1.zip (https)

MD5: 0312B5884B59619AFD2BD8C2A087E333

SHA256: 79DF1AF0020B0A8174F1A745EFBC922509990CE643703E69FFDA96FA4ACD3D78



InteractiveSieve_V_0_7_3_0.zip (https)

MD5: F36B245584DE143A15F484AA6220D67F

SHA256: AE0804EA739AEDC5FA32B7F6FD99AB99A35F7742B98953A653E0C24725E0FE6F

  Referenced in post(s):

  InteractiveSieve



InteractiveSieve_V_0_7_5_0.zip (https)

MD5: F9E3D74F4BE3C140FA415C6E525A5346

SHA256: 1981665BEF13E52A03A53AD4755891D25AE6A3D8D986666107D295CE8AE31C02



InteractiveSieve_V_0_7_6_0.zip (https)

MD5: 37C18D2E41CB311442E033F253818057

SHA256: 5758289A939388FDB73617DAD686EBD2B79D1E48444A772946E7606DAF49DB05

  Referenced in post(s):

  Update: InteractiveSieve 0.7.6



js-1.5-mod: SpiderMonkey JavaScript interpreter modifications

js-1.5-mod-0.3.tar.gz (https)

MD5: 59D7C7F67903A00AFC97C9BEDD7E1F54

SHA256: B1B51F3FD357635AD6BE90D183416DAA7783972F9BAF15E36B0A5B9BF748A570

  Referenced in post(s):

  SpiderMonkey



js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications

js-1.7.0-mod-b.zip (https)

MD5: 85B369B5650D4C041D21E8574CF09B9A

SHA256: D3827DF7B2EA81EEE91181B2DE045320E1CFEC46EED33F7CD84CA63C3A36BC38

  Referenced in post(s):

  SpiderMonkey

  Update: SpiderMonkey



js-1.7.0-mod.tar.gz (https)

MD5: A64B079FAEFD6BA23CAC3FCC7EF41AC7

SHA256: 74DD063F13647505ABB11FA3D1A5D44DA35A3F73F18FE973F93FBA5E349B8BA9

  Referenced in post(s):

  SpiderMonkey



js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript

js-unicode-escape_v0_0_3.zip (https)

MD5: B86B7E73D93C5A4C086384C2FF89303C

SHA256: 81F26C328FD67FB7512CD60485481D7FFD8B7FE5ACE95455D45F4F635EADF81C

  Referenced in post(s):

  js-unicode-escape.1sc



js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes

js-unicode-unescape_v0_0_1.zip (https)

MD5: E4FF29FB631142AC995636EED4CFB2AB

SHA256: C5659BCED1C6A7F92C2F7F9058DAA5807D2907283041E4F9DD1E4B6F318F2BBD

  Referenced in post(s):

  js-unicode-unescape.1sc



js-unicode-unescape_v0_0_2.zip (https)

MD5: 6200C4F235CA527E8C0DCD5076CB1C09

SHA256: 2CACC9EE1BB1D1BC4C9FABC6EC3B3440CFF304AA560966B0B531279C369549BB

  Referenced in post(s):

  Update: js-unicode-unescape.1sc



ListModules: Analyze digital signature of all executables in processes

ListModules_V0_0_0_1.zip (https)

MD5: 56D6BD9479915E6FF1C29A9D9F8F7950

SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069

  Referenced in post(s):

  ListModules V0.0.0.1



ListModules_V0_0_0_2.zip (https)

MD5: F1FDFAA37D23E3B61E2E1F018C1D2B83

SHA256: F0AE681AB70281920B219B6733A2F0D7BC8AE959621DC3107B49F1EED4A1E523



ListModules_V0_0_0_3.zip (https)

MD5: 872C03B1C3FACBA81B79BE3884466EC5

SHA256: FFFEC015E6F5916EEF018A5ABFDBB8FE45614DC8EDB23123523D3BBF9DD1C558



ListModules_V0_0_0_4.zip (https)

MD5: 36D05A56C06493A3EB1BAD6F9F5BB2E5

SHA256: FDB262E043F86EA4F147D50B2DD48707C63E0751B655AB3AF9577C1E54017CE6

  Referenced in post(s):

  Authenticode Tools



ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI

ListSharesSecurityWithWMI-VS2001.zip (https)

MD5: A27793BB9C3F19AFB25F1F64CEBE5C94

SHA256: 10FF939F3B73BDF383EA330B89B5B3BD794FD78EA66DEE564C94380F1A9E7E5D

  Referenced in post(s):

  Programs



LNKTemplate: 010 Editor Template for LNK file format

LNKTemplate.zip (https)

MD5: CD7C486DBB9A1CA48D0A3CD67492B404

SHA256: EDECFE72280DB904969C599E313CB6DD93BB37A0B55B5786014DEC1BC1B61738

  Referenced in post(s):

  Quickpost: 2 .LNK Tools

  Quickpost: .LNK Template Update



LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key

LoadDLLViaAppInit64_V0_0_0_1.zip (https)

MD5: 94C38717690CE849976883FFE4B22CA1

SHA256: 447C8F61A6398CBE6BD5E681FCE28C55D426D4E4EA49BBE367AE5B334B073A55

  Referenced in post(s):

  LoadDLLViaAppInit 64-bit



LoadDLLViaAppInit_FI.zip (https)

MD5: 2867B6AADF6C9FFA224D2D6A0153AD91

SHA256: E732451401B37087FAC619BD500E370FE3C21FB764F2E2E99C76EDBADEC86204

  Referenced in post(s):

  LoadDLLViaAppInit with FORCE_INTEGRITY



LoadDLLViaAppInit_V0_0_0_1.zip (https)

MD5: 60B93BAF4B0F973C3EC920F2F4A180E8

SHA256: 3B528A3BAF593A2740D5655CF18BC0932801D4DF1750DE8F9C8229C0FF51E8BE

  Referenced in post(s):

  LoadDLLViaAppInit



LoadDLLViaAppInit_V0_0_0_2.zip (https)

MD5: F458DAEAB1A3E68870EE0608E2A1FFFC

SHA256: 9C8BA52A68893F33E0019CC64264C24A7EEC09C5D0DAE6F43C110ACFD45E621F

  Referenced in post(s):

  Update: LoadDLLViaAppInit



LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer

LockIfNotHot_V0_0_1.zip (https)

MD5: 188BE76E0A5BCCA26A8736F8F0C4061C

SHA256: CA915265D3B224DF3AA95E5C59B7C0E7EDF239DF50FC1C03F2C991A8B1800AD2

  Referenced in post(s):

  LockIfNotHot



lookup-tools: IP-address and hosts lookup tools

lookup-tools_V0_0_1.zip (https)

MD5: EB9C5BEF25EC5ED0F44297AA8A04679E

SHA256: 755E98BA0BC09C31E58ED4BF7B08CD42467BBF9B129C77DD6D558FD6B6E27124

  Referenced in post(s):

  Looking Up Hosts and IP Addresses: Yet Another Tool



lookup-tools_V0_0_2.zip (https)

MD5: 310904722F900FA34C567FC38634124E

SHA256: 85626574A99BF4D2AB786D8C2FF5B8F6649F1FC7410F1786A24EF0201AAF64AA

  Referenced in post(s):

  Update: Lookup Tools



LowerMyRights: Restricts the rights of an existing process

LowerMyRights_V0_0_0_3.zip (https)

MD5: FF937173AB1CD2C7A9DF050D7ADF0696

SHA256: 9AA83F24031029F60862CAAE477B02DF0C0887BD6E9078A1E186FEF6DF873253

  Referenced in post(s):

  LowerMyRights



make-pdf: Set of Python programs to generate all kinds of PDF files

make-pdf-jbig2_V_0_0_1.zip (https)

MD5: 334D59CE634914CA89661A6DE03CE78C

SHA256: 153AFCA0E5269477772D920DF230DB9ED1CDC9715F0FDF4A9572A679B24BD116

  Referenced in post(s):

  Quickpost: /JBIG2Decode Essentials



make-pdf_V0_1_0.zip (https)

MD5: 7682A66DCD0C3AF1D4A2AFA30D44AA8C

SHA256: 7E92B7EE4A3EE2FCFCAF0AC1398381E4F649A6E7C899351721D78D37D6018AA0



make-pdf_V0_1_1.zip (https)

MD5: 9AF2E343B78553021C989E8E22355531

SHA256: C604679ABEB0469C1463159E02E74F12487B2755A6096B416A8F4F638DEB8AA9



make-pdf_V0_1_2.zip (https)

MD5: 305D57692C27DD3CD91D8C85A3932948

SHA256: A030BBCB8B54137D8047A4CB5C350725599383A4B113CABBA8871AC221378C5B

  Referenced in post(s):

  Embedding and Hiding Files in PDF Documents



make-pdf_V0_1_4.zip (https)

MD5: D2630ABDE44DFFDD5640AEF391CE591D

SHA256: 11578A938F9FFCC16456519375AF8817C1F8F0D9C41C68BBF78882BFB36B8058



make-pdf_V0_1_5.zip (https)

MD5: A6B9C9C411EDE77B95541505DC713051

SHA256: FCA43E7A47248CAB0E7E553ACE293E3D669F6F553C4C53CEE53494FF8B0D91FC



make-pdf_V0_1_6.zip (https)

MD5: 85DA11252AD5990A1F5514BCD5D4501B

SHA256: EE23A178727C8505A864083EBA8B5464CC897D80FB8EE60D4C47B29810A056A1

  Referenced in post(s):

  PDF Tools



md5_authenticode: MD5 Authenticode collision PoC

md5_authenticode.zip (https)

MD5: 332078ECB5609A09F6412450EB41CAA8

SHA256: 72E54C3F052D7E8C7414F524CD40541244BB57D1F346477CFAFC037F42DA50AA

  Referenced in post(s):

  Playing With Authenticode and MD5 Collisions



MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer

MIFAREACR122_V0_0_1.zip (https)

MD5: 368BE885EF3BA0E8CBDA25F8EC022833

SHA256: D721EC111C2FC7D4A9CD0A1ED4DCF29554C68E56C6F4DA789A4228715A32D732

  Referenced in post(s):

  Shellcode On a MIFARE RFID Tag



my-shellcode: My shellcode collection

my-shellcode_v0_0_1.zip (https)

MD5: F215B29BA3C8F24CFBA5C24BED65B68A

SHA256: EA1DB8028954CEB18B8AD2EB37CA6BA0CD7CDC6B9A64F10561382152701C013F

  Referenced in post(s):

  MessageBox Shellcode



my-shellcode_v0_0_2.zip (https)

MD5: 324AC5DABA30198C66B58B234D4D8E80

SHA256: E947C6B3087008BFC6B327A8066D29DC4F0D3753032775A3A1B602436FF3EE0E



my-shellcode_v0_0_3.zip (https)

MD5: 914FB82B15D84108E023714DFF5B8658

SHA256: B72BD9DAAAD37100A6C011752E305FDDFED0F9C5ABB27EF1F19F24D05CB2C939



my-shellcode_v0_0_4.zip (https)

MD5: 79A46202171D558876F41E2A9352B301

SHA256: D7D3A06BC82CE5FA5082FAA2AB266F971A5C4DDEA06645B119975EDC100730A3



my-shellcode_v0_0_5.zip (https)

MD5: CFF4F0FB67C5ECCCB7EE5F3C35FB0578

SHA256: B0E444A16719B0196C4038B398DF0333D29B202283E523B1CF3D4267ECD4D0BB



my-shellcode_v0_0_6.zip (https)

MD5: B6BC3081E1D2CA823AC4F814FD972E6B

SHA256: 414E2A933DB6C6B7F3605834F18F52DC7F39113AC7F7120EBF91F2C30B749A1F



my-shellcode_v0_0_7.zip (https)

MD5: E3D7866D59506696C3CEDE97FA742997

SHA256: C575FC6128ED65F83C19B2E5E6AC5554B8C1D27F27EA16E5CDC147927AD2AF76

  Referenced in post(s):

  Shellcode



MyEFSService: PoC for Malicious Cryptography blogpost

MyEFSService.zip (https)

MD5: 457B7A671AC28C533BD3B6A62FD1DF13

SHA256: 2F2D9BDA5C00E7DA3619AD86EAA6B2DC302447FBDA67399263FA2A7F71281E46

  Referenced in post(s):

  Malicious Cryptography



MySafeModeService: PoC for Playing with Safe Mode blogpost

MySafeModeService.c (https)

MD5: 6A9EC31F58B803EDA6032BD5D3EB6996

SHA256: FDF45508EDC33896BB8C723492B82246AA75B5391FECF1B8ED9F5D4247739395

  Referenced in post(s):

  Playing with Safe Mode



NAFT: Network Appliance Forensic Toolkit

NAFT_V0_0_5.zip (https)

MD5: DDA7D6B34DD55895F144DD2E39A96455

SHA256: A8C08580447AB5F5DAD105BFF70E3CE8DC397DA81A08C2B344DE073D4B5296C0



NAFT_V0_0_6.zip (https)

MD5: 58FE5A59084B30843C44D0DF9A753B53

SHA256: 3970EE86A1747B22BE7427DD97D21398DCF3A32DBD22F11E58B5DDB10C55D362



NAFT_V0_0_7.zip (https)

MD5: 247DD8703F1AB1AEF0764367706EEA19

SHA256: 0CAAD5C024E16664F5EC36CDDB19F57D2EEA402DAFB72A259F1542C99D4CC11D



NAFT_V0_0_9.zip (https)

MD5: FEBBDB892D631275A95A0FEA59F8519F

SHA256: 95F42F109623F2BA6D8A9FFB013CBB0B5E995F02E5EB35F8E83A62B8CA8B86D0

  Referenced in post(s):

  Network Appliance Forensic Toolkit

  Update: NAFT Version 0.0.9



NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA

NetworkMashup_V0_0_1.zip (https)

MD5: AE0CD3879483930B82500FA40D6ECF20

SHA256: B46C670B7677BD08DCFC8AF5E8C16881836A8BD29CC3F574F1CB4011828BDB39



NetworkMashup_V0_0_2.zip (https)

MD5: D6393F7A77517177DAE708019393E4FF

SHA256: 91983017EB2C069D6EE36EF7F0CE4043C3BA7E5CB7C46D86AE8C323D7EB27B81

  Referenced in post(s):

  Quickpost: NetworkMashup.xls



NewPasswordStats: Password auditing password filter

NewPasswordStats_V0_0_0_1.zip (https)

MD5: FAF362F49C7B3FA8CCE7AF600B6D91A8

SHA256: 3D9BBD195F55FBB8F6CE523B3E7BE95A531725570336C55911EE0F312FE95A4D

  Referenced in post(s):

  Password Auditing With a Password Filter



nmap-xml-script-output: nmap xml script output parser

nmap-xml-script-output_V0_0_1.zip (https)

MD5: 772B6371C1F5E27E68D9BF14955A02D4

SHA256: C86E42E7FA8EFA42C60062759E69DC8DE7F017D9113CF304D9515ACA59815790

  Referenced in post(s):

  nmap Grepable Script Output – Heartbleed



nocalcpoc: No calc PoC

nocalcpoc_V0_0_0_1.zip (https)

MD5: 05798543571B45E19536181DC7346330

SHA256: ED0FEDC6096420F6F09F4980A1CE36F7C4BC0A8C9191F4DFC27FA4C77D547976

  Referenced in post(s):

  Why Isn’t my PoC Launching calc.exe?



nsrl: NSRL tool

nsrl_V0_0_1.zip (https)

MD5: 5063EEEF7345C65D012F65463754A97C

SHA256: ADD3E82EDABA7F956CDEBE93135096963B0B11BB48473EEC2C45FC21CFB32BAA

  Referenced in post(s):

  nsrl.py: Using the Reference Data Set of the National Software Reference Library



nsrl_V0_0_2.zip (https)

MD5: 816DD5BEF94D289F489399A95824083D

SHA256: 65C4AF8F139651942062EB78D820AD3BE5DBEE2C4331B3105BAE62B220CD4F44

  Referenced in post(s):

  Update: nsrl.py Version 0.0.2



oledump: Analyze OLE files (Compound Binary Files)

oledump-beta.zip (https)

MD5: 6B2F81410C9DB409E55A05AEB2E8342B

SHA256: E80244C87E11E516F5D7245224828BA15C4079EFE16582FE785D6E307C04B657



oledump_V0_0_10.zip (https)

MD5: 450C28232254F8FF3AF5E289F58D2DAB

SHA256: 139671E5E69200CECCE0EF730365C1BF1B7B8904B90E3B1E08E55AB040464C73

  Referenced in post(s):

  Update oledump.py Version 0.0.10



oledump_V0_0_11.zip (https)

MD5: 02AEF764545213E1B1A5895AD0706F78

SHA256: 162EE94B1A4533956EE2CE0CB13ECDF2FF6C18A0597685E690B8524526FD694E

  Referenced in post(s):

  A New Type Of Malicious Document: XML



oledump_V0_0_12.zip (https)

MD5: 0AB5F77A9C0F1FF3E8BE4F675440A875

SHA256: 6F87E65729B5A921079B9E5400F63BE6721673B7AC075D809B643074B47FB8D3

  Referenced in post(s):

  Update oledump.py Version 0.0.12



oledump_V0_0_13.zip (https)

MD5: 6651A674F4981D9AEDE000C1F5895B69

SHA256: 4452DF48F7D852140B4CD662AD95C6BC695F5F04009B37A367EB392384935C51

  Referenced in post(s):

  oledump And XML With Embedded OLE Object



oledump_V0_0_14.zip (https)

MD5: 5ECD8BC3BD1F6C59F57E7C74DACCF017

SHA256: 7EEF509D84F7185C299A17882D3BD71481B7B1E41654F463F58492455FBDBD11

  Referenced in post(s):

  Update: oledump.py Version 0.0.14



oledump_V0_0_15.zip (https)

MD5: 3E3930262DF06AB96B576004F8C930A5

SHA256: 2E256ACB0E8DF4174B5EB3260EF832133556A1F9CDF27212A85CB01D278C152E



oledump_V0_0_16.zip (https)

MD5: 774BF99A8E0607C6B611F4DBF021638A

SHA256: 8C1F22E0EEDB2556641BAF5724A41E25B87AA9ECDF3FA13F175D7C81316ED7EE



oledump_V0_0_17.zip (https)

MD5: 5AF76C638AA300F6703C6913F80C061F

SHA256: A04DDE83621770BCD96D622C7B57C424E109949FD5EE2523987F30A34FD319E1

  Referenced in post(s):

  Update: oledump.py Version 0.0.17 – ExitCode



oledump_V0_0_18.zip (https)

MD5: 88C9999726C0157267E2FF31E137D66C

SHA256: 1FC9EE7A0BB5A016339C73CBE5DE2F2C0A9C006BC924A5F9346F9F4EDE060939

  Referenced in post(s):

  Dump Tools: Cut Cut Cut …



oledump_V0_0_19.zip (https)

MD5: DBE32C21C564DB8467D0064A7D4D92BC

SHA256: 7F8DCAA2DE9BB525FB967B7AEB2F9B06AEB5F9D60357D7B3D14DEFCB12FD3F94

  Referenced in post(s):

  Analysis Of An Office Maldoc With Encrypted Payload: oledump plugin



oledump_V0_0_2.zip (https)

MD5: B493FAB9AC85749D49C4E1843BE19961

SHA256: 27386E61E0B4744EB9363040649B53488DA9139B7C33AFAC6E329F8C777DAD1B



oledump_V0_0_20.zip (https)

MD5: 715B33E8E090F2A061DB2EA5A913055F

SHA256: 056CC911AEDFFB48B756F1B941E14660EBA8B613C65B1026F5DA77FB3047DAE3

  Referenced in post(s):

  Update: oledump V0.0.20



oledump_V0_0_21.zip (https)

MD5: F72CBB797CE8FB810ACE5E54DC832129

SHA256: 016C772575DF381C274F6408B242945DE35679904B7C8B1B693ABFB2B3C023FB

  Referenced in post(s):

  Update: oledump.py Version 0.0.21



oledump_V0_0_22.zip (https)

MD5: CA91850BBC92E82D705F707704000F82

SHA256: 16763BCF15BFB3301FFAE0BDA26F18EE2946EDD7478994B798127DBBEF5FF9E7

  Referenced in post(s):

  oledump.py

  Update: oledump.py Version 0.0.22



oledump_V0_0_3.zip (https)

MD5: 9D5AA950C9BFDB16D63D394D622C6767

SHA256: 44D8C675881245D3336D6AB6F9D7DAF152B14D7313A77CB8F84A71B62E619A70

  Referenced in post(s):

  Introducing oledump.py



oledump_V0_0_4.zip (https)

MD5: 8AD542ED672E45C45222E0A934033852

SHA256: F7B8E094F5A5B31280E0CDF11E394803A6DD932A74EDD3F2FF5EC6DF99CBA6EF

  Referenced in post(s):

  oledump: Extracting Embedded EXE From DOC



oledump_V0_0_5.zip (https)

MD5: A712DCF508C2A0184F751B74FE7F513D

SHA256: E9106A87386CF8512467FDD8BB8B280210F6A52FCBACEEECB405425EFE5532D9

  Referenced in post(s):

  Update: oledump.py Version 0.0.5



oledump_V0_0_6.zip (https)

MD5: E32069589FEB7B53707D00D7E0256F79

SHA256: 8FCEFAEF5E6A2779FC8755ED96FB1A8DACDBE037B98EE419DBB974B5F18E578B

  Referenced in post(s):

  Update: oledump.py Version 0.0.6



oledump_V0_0_7.zip (https)

MD5: 7A953BAFFA1E5285651699996FA2DF84

SHA256: F5DC5F650F005E530A7D0CF510C33E3A4EF29AD85B1DA2618B237F53A46B86B5

  Referenced in post(s):

  Update: oledump.py Version 0.0.7



oledump_V0_0_8.zip (https)

MD5: 29EBF73F5512B0BC250CD0A0977A2C72

SHA256: 09C451116FCDE7763173E1538C687734D92267A0D192499AFD118D8D923165B9

  Referenced in post(s):

  Update: oledump.py Version 0.0.8



oledump_V0_0_9.zip (https)

MD5: 849C26F32397D2508381A8472FE40F90

SHA256: 74887EA3D4362C46CCBF67B89BB41D7AACE9E405E4CB5B63888FEDCE20FD6A07

  Referenced in post(s):

  Update: oledump.py Version 0.0.9



OllyStepNSearch: Plugin for OllyDbg

OllyStepNSearch_V0_6_0.zip (https)

MD5: 6302043B90834E6EE39F720C94C9D772

SHA256: B46F3A03D6C459EC36571948D84D933E4339F225B561FAC04DE4FB4525E70C9C



OllyStepNSearch_V0_6_1.zip (https)

MD5: D32BA4B0042BF9342B05FCBC0CF573B6

SHA256: 61ACA61F3399322B797EB58425A13AF3E68EB590AC747D1D244385E0923ABA52

  Referenced in post(s):

  OllyStepNSearch



pcap-rename: program to rename pcap files with a timestamp

pcap-rename_V0_0_1.zip (https)

MD5: 5F844411E178909970BC21349A629438

SHA256: AB706DB3470A915A3031EC248B8DAF83C08F42DBF6AC2EACB1A2DB2493B0AEEE

  Referenced in post(s):

  pcap-rename.py



pdf-parser: PDF analysis program

pdf-parser_V0_2_0.zip (https)

MD5: 973E57E5EA8706F92EB0D6BA46EE9EFD

SHA256: 637C95018653C406F0A3AF62E72D9BF396C4AC56A8189586EB59467BD364A7D6



pdf-parser_V0_3_0.zip (https)

MD5: DC34F3B9E0436BA985B53DD44BEEBFA6

SHA256: 9DB432CDEA25E3408E07C612FED8A8B245EF378DDC737914F04248953567A691



pdf-parser_V0_3_1.zip (https)

MD5: 07CDA54844CD6567473CBF2B0DFC601C

SHA256: 7614AEC453502EEF43F9EA04A82092C4ACDD32AB86D1C4D744B7B590C74152EC



pdf-parser_V0_3_5.zip (https)

MD5: 07EA2C47766ADF248102E378C65D03F3

SHA256: 5EAD0F9BE9693EF836CF67FF2B796324ED5E7053D34BF4FA588D250A7DA2E761

  Referenced in post(s):

  Update: pdf-parser Version 0.3.5



pdf-parser_V0_3_7.zip (https)

MD5: BDC0E5A82EB6D7C287E7360D8901023D

SHA256: C83D39F8938A00A3EB2BDE3134EFAF3A2BE11E72C2C8A92841D4E1E82366D7E1



pdf-parser_V0_3_9.zip (https)

MD5: 6C91F8D4E8EA8BEF6F60CEDA4E1CDEA0

SHA256: 9D4549B6A93BF83EA74A905E3271272EBCEC6B6329867F1C0FCB59920C3C3CB4



pdf-parser_V0_4_0.zip (https)

MD5: 9C2680974DCF11714F743F6C7885A7FA

SHA256: 0035C2304FC85B696EB7E9E64B19A4E1EAE25BA4719D5B0FF91D7D306981CEE4



pdf-parser_V0_4_1.zip (https)

MD5: A0314C0CD8AAE376C7448E74D4A7472C

SHA256: 633B7400015B2C936103CC64C37435FB333B0F2634B2A6CD3A8949EAB1D18E9B

  Referenced in post(s):

  Update: pdf-parser Version 0.4.1



pdf-parser_V0_4_2.zip (https)

MD5: B0C8F02358B386E7924DACB3059F8161

SHA256: E90620320AF6ED8E474B42BF6850E246446391878F87AE34DCDBD1D9945A6671

  Referenced in post(s):

  pdf-parser: Searching Inside Streams



pdf-parser_V0_4_3.zip (https)

MD5: 2220FFE37AEA36FC593AE33440385E76

SHA256: 1416624938359FDD375108D922350D1B7B0E41B3A40A48F778D6D72D8A405DE6

  Referenced in post(s):

  Update: pdf-parser V0.4.3



pdf-parser_V0_6_0.zip (https)

MD5: 25CC4907B862259500A3EB73DE83BBFD

SHA256: 8902ABE1A9BDB61887D501546CCF333724BCF7B3E3E02CE2541BC311AD8E98DF



pdf-parser_V0_6_2.zip (https)

MD5: D6717F1CA6B9DA2392E63F0DABF590DD

SHA256: 4DC0136062E9A5B6D84C74696005531609BD0299887B70DDFFAA19115BF2E746

  Referenced in post(s):

  pdf-parser: A Method To Manipulate PDFs Part 1



pdf-parser_V0_6_3.zip (https)

MD5: 62D1AFACA8C124FB2AC279F22C088BB3

SHA256: 339E8D18BE21BAD6B2B33BDD29721F32624F3D842087D3AE353C6F8D6B92D185



pdf-parser_V0_6_4.zip (https)

MD5: 47A4C70AA281E1E80A816371249DCBD6

SHA256: EC8E64E3A74FCCDB7828B8ECC07A2C33B701052D52C43C549115DDCD6F0F02FE

  Referenced in post(s):

  PDF Tools

  Update: pdf-parser Version 0.6.4



pdfid: PDF triage program

pdfid_v0_0_10.zip (https)

MD5: A06B023457DACE24FDFBF537282E1A76

SHA256: 18D88B15C90504BE6A2FF2814BD15A7B20B945337252018A0072AEFD99D5AAC8



pdfid_v0_0_11.zip (https)

MD5: 99BFA4916EC5E005953E3D9D8AD96C83

SHA256: C831569C8139D5CA5709600B987C929716FE58B1DD6B65F18EC84473A83B4075



pdfid_v0_0_12.zip (https)

MD5: 628BB84D7A4FE1A32F23954DD067E667

SHA256: A10B3C0B9BFB467A2C4C2EE6C786CF5E98A7CAD32AC5BEA498DD9796031A77D5



pdfid_v0_0_2.zip (https)

MD5: 21093726A57F39E08A679A11B6616931

SHA256: C3B190DD5E07FCEA2954D5686096155B39B5CAB6A21C17DD0C8D1838CACD4ED3



pdfid_v0_0_6.zip (https)

MD5: CE809DAC132BA2BD1C74413F125C2A70

SHA256: 0DB423F0E01197977C676C14B5BDA2FBBC9840CDD86160716A43CED0F84753FE

  Referenced in post(s):

  Quickpost: Disarming a PDF File



pdfid_v0_0_7.zip (https)

MD5: 06DA1B6E621F373CBAF0F9514B3F433A

SHA256: 3AE403684F9EE141838C7CDAD674FCE06807C983C1078EC68EF94AF4A02823C0



pdfid_v0_0_8.zip (https)

MD5: 9769FB96899F3AD15510C903A4FB29EF

SHA256: 542734C2613439851AF99B59725B1607F96A6E9396B447C5BD3AF197AABB0231

  Referenced in post(s):

  Update: PDFiD Version 0.0.8



pdfid_v0_0_9.zip (https)

MD5: 1C731D6204C09AAFF219876A8FB5E834

SHA256: 24A9B16E67A84E85488A16879CB611128B2E5921044E48EFB60D784BD785CBD0



pdfid_v0_1_0.zip (https)

MD5: 6A5FF56C22EF2745C3D78C8FD8ACA01F

SHA256: D72FE8555DC89808EE7BFC9F791AD819A465106A95801C09C31B0FD2644B3977

  Referenced in post(s):

  Update: PDFiD Version 0.1.0



pdfid_v0_1_1.zip (https)

MD5: 069F0286A99AF03712DB2992B464833D

SHA256: 875CE564837D9B72BC3055A617795A96245D337CC20BEC235A2F6857F42C9114



pdfid_v0_1_2.zip (https)

MD5: 60FC17757201F014A6ADA0744B74A740

SHA256: 1CF36C50427A2206275C322A8C098CD96A844CAF6077B105ADE9B1974789856F

  Referenced in post(s):

  Update: PDFiD Version 0.1.2



pdfid_v0_2_0.zip (https)

MD5: D4D07B43961D548F428C5FF6236FD6DD

SHA256: 19ABC7F2B88A794A1718949020F88C80AAFA2DEC9D23891A1AF5EDF764AD1F40



pdfid_v0_2_1.zip (https)

MD5: 7463412536678B321276F8720F52DE81

SHA256: F1B4728DD2CE455B863B930E12C6DEC952CB95C0BB3D6924136A6E49ACA877C2

  Referenced in post(s):

  PDF Tools

  Update: PDFiD With Plugins Part 1



PDFTemplate: 010 Editor Template for PDF file format

PDFTemplate.zip (https)

MD5: C124200C3317ACA9C17C2AE2579FCFEB

SHA256: 24C4FEAD2CABAD82EC336DDCFD404915E164D7B48FBA7BA1295E12BBAF8EB15D

  Referenced in post(s):

  PDF Tools



pecheck: wrapper for pefile

pecheck-v0_4_0.zip (https)

MD5: 27041C56B80B097436076B7366A6F3B2

SHA256: F9C73ED054AE4D5E9F495916D1B028FD8D6E9B2800DCE1993E568E2A2BFD9A71

  Referenced in post(s):

  Update: pecheck.py Version 0.4.0



pecheck.zip (https)

MD5: EE42C8FF3C90B4F5466A9AEFD152156F

SHA256: 679690A1377617E9FEFF31F535A3CCBB3D951FFEBA697FBBD830D653D483AA65

  Referenced in post(s):

  Sampling a Malicious Site



pecheck_v0_3_0.zip (https)

MD5: C2AC9FED3C7F1787854C8D0E651B2591

SHA256: 3CDEBADA4C594DD3622E234747C6AABD41573C94087C0554CBA65D0472F6B413

  Referenced in post(s):

  pecheck.py



peid-userdb-to-yara-rules: Convert PeID userdb to YARA rules

peid-userdb-to-yara-rules_V0_0_1.zip (https)

MD5: D5B9B6FA7EC50A107A70419D30FEC9ED

SHA256: F8A12B5522B92AE7E3EDF11ACFAEEA7FDCC7FBDA8DC827D288A2D92B2B2CA5E2

  Referenced in post(s):

  Converting PEiD Signatures To YARA Rules



peid-userdb-to-yara-rules_V0_0_2.zip (https)

MD5: BE287BE1CB4EAFC360B1105C47F81819

SHA256: DC673DC90420F880EBDC8A0298410B3B8D90AFBCCE868A3E075DB5AAF898A188

  Referenced in post(s):

  Update: peid-userdb-to-yara-rules.py



PFTemplate: 010 Editor Template for PF file format

PFTemplate.zip (https)

MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0

SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA

  Referenced in post(s):

  Prefetch File 010 Template



PFTemplate_V0_0_2.zip (https)

MD5: 56A98A78BD4E8D1AED88385AF1DD8446

SHA256: E15D721E46FFB8158C6D14C9A38DE4E3DD5DCD0972896441DF17590C540DBCC3

  Referenced in post(s):

  Update: Prefetch File 010 Template



psurveil: Photo Surveillance for N800

psurveil-0.2.1-source.zip (https)

MD5: 0CFDCA784E15D45AB882BC5BB7E635ED

SHA256: 0A9132C7B4A72A1289652CC307F2C92B0DAD9BB43706CDEE90BCCA06440A0A60

  Referenced in post(s):

  Looking for N800 Beta Testers, No Voyeurs Please ;-)



psurveil-0.2.1.zip (https)

MD5: 6B0E8C000EA4FF7EBAA4E50A07589EB5

SHA256: B399FBDCED4F3F1CC79782652D30A9A9CD96FCE5F3F948493A0929C7DE3318FD

  Referenced in post(s):

  Looking for N800 Beta Testers, No Voyeurs Please ;-)



re-search: Program to use Python’s re.findall on files

re-search_V0_0_1.zip (https)

MD5: 5700D814CE5DD5B47F9C09CD819256BD

SHA256: 8CCF0117444A2F28BAEA6281200805A07445E9A061D301CC385965F3D0E8B1AF

  Referenced in post(s):

  Extracting Dyre Configuration From A Process Dump



regedit-dll: ReactOS regedit.exe transformed into a dll

regedit-dll_v0_0_1.zip (https)

MD5: A736AE075FE12656D4A8DB7421AB035B

SHA256: 8392D6C814670F7198BFFF9741F4589D806FFF1C89A964AD14C9DA4047F45C6F

  Referenced in post(s):

  Excel with cmd.dll & regedit.dll



RegistryScanner-beta.zip (https)

MD5: 5D05A681A5F3C51B61EE1D73BF76286B

SHA256: 6117206A039DA6248167506EA7AC42262F2AF58D2864EF11AEF433C77397D5FF



RTStego: Rainbow table steganography

RTStego.zip (https)

MD5: 8DE76B0E81314CF8614678621CB7D162

SHA256: E8E8AA7A397E576D2BEB761B045D974D4D25E22AC6E3680154940A586AFEB91F



rtstego2.zip (https)

MD5: E8C7CBDD6B5C2FF56A2BDC3B04401AFB

SHA256: 31CBEFDCB5C865E9AE243BC1C0261DD08CF1FFABE792AEAA9DE9F903E9CAECA9

  Referenced in post(s):

  Hiding Inside a Rainbow, Part 3



runasil: Launches program with a low integrity level

runasil_V0_0_0_1.zip (https)

MD5: 5B8CE64715903DD7EEF4AF3B89E6E6FD

SHA256: 15841A9D9985E626C5B70B4BC3B2BF2CD68C38102B6BB1D92BA352D19F5C8A65

  Referenced in post(s):

  Runasil



RunInsideLimitedJob: Start program and run it inside a limited job

RunInsideLimitedJob-DLL64_V0_0_0_1.zip (https)

MD5: A6048613CE00C9F401A8AC7943A451E3

SHA256: 279F6BE0EB124814D37A5E70F2D906B1756B27CDDC7E7AEA40B2B42B39C0CFCA

  Referenced in post(s):

  RunInsideLimitedJob 64-bit



RunInsideLimitedJob_V0_0_0_1.zip (https)

MD5: 90055BA2928D06EC7A883DEF6E7F37C6

SHA256: EF88A2963436F5893727A90413CE624B473352190E936E35EEF85E246655486D

  Referenced in post(s):

  RunInsideLimitedJob



SE_ASLR: Force ASLR on Windows Explorer Shell Extensions

SE_ASLR_V0_0_0_1.zip (https)

MD5: 9D6AE1A96D554AEE527EB802FE59FB20

SHA256: 8A6C1406A757CD9788A2630D76A497E2C058333EE4D44CA0B85B2A05A39F257E

  Referenced in post(s):

  Force “ASLR” on Shell Extensions



SE_ASLR_V0_0_0_2.zip (https)

MD5: C835D1DDB64A68A1CD48CCF87AE03D18

SHA256: 1560BEE96CFC956A5E8954FEFD92ED227293418B19FE6B06D4ED703B6C50F4AC

  Referenced in post(s):

  Update: SE_ASLR Version 0.0.0.2



search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards

search-and-replace-with-wildcards_v0_0_1.zip (https)

MD5: 7D620E8BEFFD4ED5563D9944C9B0B859

SHA256: B7F074304660A8DBF7AB2261D8619FFFFD461EFB5EE4C6E42880C87A3C1A4AB7

  Referenced in post(s):

  search-and-replace-with-wildcards.1sc



SelectMyParent: Launch a program and select its parent

SelectMyParent_v0_0_0_1.zip (https)

MD5: AF327175764886FB41304F7BC157FC58

SHA256: 16F40EB7996BAC1084DA366B1CF89ADA40093099373DB1FDBAE81CDCA5D2B560

  Referenced in post(s):

  Quickpost: SelectMyParent or Playing With the Windows Process Tree



SendtoCLI: GUI tool for CLI commands

SendtoCLIBeta.zip (https)

MD5: F672206A863642E2706A328ECCC18AE2

SHA256: 3EAB27C2496233816AD76E0EB0E35D274D4C711D7EFF8AE236BF0154DE55A423



setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable

setdllcharacteristics_v0_0_0_1.zip (https)

MD5: F96358BF90AA4D8C6B32968B2068BFCB

SHA256: 5A9D3815F317C7C0FF7737F271CE0C60BE2CB0F4168C5EA5AD8CEF84AD718577

  Referenced in post(s):

  setdllcharacteristics



shellcode2vba: Convert shellcode to VBA

shellcode2vba_v0_3.zip (https)

MD5: 44AF2685975346F9DE09E48E7FB855CE

SHA256: 04C42FA26717CCC7BC17A7BEDA02C746CA1A8BC8C6CE184670CD686796B5FF10

  Referenced in post(s):

  shellcode2vba



shellcode2vba_v0_4.zip (https)

MD5: DA1580DEF5B5CFF08ACF5FA921AF0822

SHA256: BDC0A5EC3E918B3DA27C392E1B2F909B7BDAD319C43A4250689DD38C81FF876F

  Referenced in post(s):

  Update: shellcode2vba.py Version 0.4



shellcode2vbscript: Convert shellcode to VBA

shellcode2vbscript_v0_1.zip (https)

MD5: AAB0431127C657C9A3EF67E1C73E6711

SHA256: D1CDDAFCB734EC3F35E558DECFF2EDB73DC0C394936814B602B605F09DE4A5E5

  Referenced in post(s):

  Shellcode 2 VBScript



ShellCodeLibLoader: ShellCode With a C-Compiler

ShellCodeLibLoader_v0_0_1.zip (https)

MD5: F6D4779097A8A11C412BDD47B7B1C8AE

SHA256: 3294A4322926476562AF34A80B8155638EFEEF38E401E69D6DB9BBB652C3EB58

  Referenced in post(s):

  Shellcode



ShellCodeMemoryModule: Generates DLL-loading shellcode from memory

ShellCodeMemoryModule_V0_0_0_1.zip (https)

MD5: CEABB3A8A9A4A507BA19C52EE2CC5DA9

SHA256: 284344C909E623B0406BB38A67F5A7A1AEE2473721244EED52CCEBB8846B0500

  Referenced in post(s):

  Shellcode



shift: 010 Editor Script to shift bytes in a file or selection

shift_v0_0_1.zip (https)

MD5: 0E98DD182D12839FD86A30E696414E0A

SHA256: 07D849E9E898AFA705E57474FADFF001C9CAF9DB1D51AD8C9EB7E9A2A765D714

  Referenced in post(s):

  shift.1sc



simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)

simple-shellcode-generator_V0_0_1.zip (https)

MD5: 3A6D00C6EBC1F20589C952817174653E

SHA256: FEFD4059810DA7855CC3CBC6A198FD75607C4F7B7B2F71817689E1520B454C58

  Referenced in post(s):

  simple-shellcode-generator.py



snort-rules-V0_0_1.zip (https)

MD5: 526AAC1CE1E8576633498223DFA07E3D

SHA256: 7694E4E884E12068BC2A32714D3B0C48060B12C80E4093AFB6B1563E2EDA5E8D

  Referenced in post(s):

  Detecting Network Traffic from Metasploit’s Meterpreter Reverse HTTP Module



split: Split a text file into X number of files (2 by default)

split_V0_0_1.zip (https)

MD5: 49C0A77DA89376541073D09E010F7375

SHA256: 09D50C104AA4A32D963EB4254F48520ADB94A43BFF08FF68F8ADBA3C0ECC896A

  Referenced in post(s):

  split.py



ssltest.zip (https)

MD5: 1B50D6A10637BB6472ED541733BBE68D

SHA256: DA744643CF06645DA9C27A7DD62853E15123D7481AE5D6776E6393A6312847E1

  Referenced in post(s):

  Heartbleed: Testing From a Cisco IOS Router – ssltest.tcl



Suspender: DLL that suspends its host process

Suspender_V0_0_0_3.zip (https)

MD5: C87FCAB2586C6154B58FB0F95FBB1FBE

SHA256: 56D0C641569E99AC31C7590DE513025E21166747565B73C5EBE34346616FFB2F

  Referenced in post(s):

  Suspender.dll



Suspender_V0_0_0_4.zip (https)

MD5: 629255337FE0CA9F631B1A7177D158F0

SHA256: 8E63152620541314926878D01469E2E922298C147740BDEAF7FC6B70EB9305EF

  Referenced in post(s):

  Update: Suspender V0.0.0.4



TaskManager: Windows Task Manager written in Excel/VBA

TaskManager_V0_0_1.zip (https)

MD5: A0A7584C83F4DD85F57F8511E332893B

SHA256: A0A128DA6297968CB2F434628AD4F045E14EBDC8AE3B05DD3D0F21CC954C13CE

  Referenced in post(s):

  TaskManager.xls



TaskManager_V0_0_3.zip (https)

MD5: BF40B4317C7E04E1F65B8CEE55ED3A7A

SHA256: 0D48C2E6986F1DD8FA3A0671A1A53F0FC489923701963031FDC4FA516603EEC1

  Referenced in post(s):

  Update: TaskManager.xls Version 0.0.3



TaskManager_V0_1_0.zip (https)

MD5: 5ED2AB6036CA94FAC7DEE5352718D07C

SHA256: EBCF4832C4DBAB0AFE778E19423EBB56CA4644DA1FDB5B2EB1BB4C27A26DB18C

  Referenced in post(s):

  TaskManager Runs on 64-bit Excel



TaskManager_V0_1_1.zip (https)

MD5: 57D0ED69E034872DE7DF217DD491B732

SHA256: 08FD64B90E34150BD48A54904F04905D84249E7042BF31E6A5AA642B2B855D91

  Referenced in post(s):

  Signed TaskManager



TaskManager_V0_1_2.zip (https)

MD5: DEDB20DA6EE1A622DD3C234D07F5FE08

SHA256: 23EC10C7206BA43B56EF185E7C18EF528FD551FC0B34FFF9E4E183C37A114FF8

  Referenced in post(s):

  Update: TaskManager.xls V0.1.2



TaskManager_V0_1_3.zip (https)

MD5: 38DED14A7A468923C3552A6135CC570C

SHA256: CABD1F73C8D069A85EA439D7AFF736723B5759A6ED929FB3F21A4ADD3D0605BC

  Referenced in post(s):

  Update: TaskManager.xls V0.1.3 Killer Shellcode



TaskManager_V0_1_4.zip (https)

MD5: FBB30486CF0E7A1BEB7342EF4672DE52

SHA256: 30779E09B5B0D1D1AFE9C33B12EDD0982E775A9FA0B0D2A1189835004750FB5F

  Referenced in post(s):

  Update & Split: TaskManager.xls Version 0.1.4



TaskManagerSC_V0_1_4.zip (https)

MD5: 61C6657B2E36F3240A67960BCA413E56

SHA256: FAAB1044318A1EB6FEA09109ABDD982CDFFAEE54DC1C81D3416CC2A69DEEEC70

  Referenced in post(s):

  Update & Split: TaskManager.xls Version 0.1.4



TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost

TestIntegrityCheckFlag.zip (https)

MD5: 7F6E9A0B0440BE80F2287AE4C30A5176

SHA256: 2E60E121C5AE9AFDAA7595E0A2177D65A1F08D39ADA4F1E14605749DEE22B3CE

  Referenced in post(s):

  Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag



translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)

translate.zip (https)

MD5: B76FF05E3CB8015F716AC6BF0111BC5A

SHA256: F715854D5C0C7E280515B0A3496B8020C4170288BFA9930FDE58C380F2FB6670



translate_v2_0_0.zip (https)

MD5: 31739EEE90E303A8DA5A995344BA6F5B

SHA256: CFB11380C4193E91D7843F195D9EA086A59829F9CF3DF4016C12ACE8378B052C



translate_v2_1_0.zip (https)

MD5: AF8B1FB7A48AFC519F7656763A95980C

SHA256: 6C65ABE811263E1F687DEDB0A1064C141FFEEA5105BE3C925972BC0B9CE73FC0

  Referenced in post(s):

  Translate

  Update: translate.py V2.1.0



ultraedit_scripts: Collection of UltraEdit scripts

ultraedit_scripts_v0_0_1.zip (https)

MD5: C218BF518291499600B7B769AD3D14EE

SHA256: CE8FAFF9F7708B6CF596EE455735656F902C5DC99A47EB8AA35F217E6E03656C

  Referenced in post(s):

  UltraEdit Scripts



ultraedit_scripts_v0_0_2.zip (https)

MD5: 41AAAFEE0A7E5BAC98B754A57222C656

SHA256: 3977077CF09219E303A8F2E8FD8F6BD7784889EAA5EBBD502D3E84ACE195264B



UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key

UndeletableSafebootKey_V0_0_0_1.zip (https)

MD5: 2FAC291AD547657E31B157B8581D4601

SHA256: 7A1E42A57BBF8E804491318671AE992947C82DCC9C2001E3033B45E4AEAB2DDE

  Referenced in post(s):

  The Undeletable SafeBoot Key



USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged in

USBVirusScan_V1_0_0.zip (https)

MD5: CAC7ACD6F91C35BD5A4FBD9C3CFE92EC

SHA256: BBF6A971D55FF6A5A410C29E0A65E6D53F14F607C528BEDB39C14B90CB0C0CCE

  Referenced in post(s):

  USBVirusScan



USBVirusScan_V1_1_0.zip (https)

MD5: AEC062146B3CF589DDE43FB912A5C6C2

SHA256: 2DDA12E79B05762A8512F27CA2D706E0807BD3542ED6D9D05BE202B764739E5E



USBVirusScan_V1_2_0.zip (https)

MD5: 9E9BAD87B7A16A16597A6EAB6735DB11

SHA256: 629193F33D52281CC073CAAEE0BD77D42CE0863A1E92618636F3DE9A490443F7



USBVirusScan_V1_3_0.zip (https)

MD5: 603F5716EFA4AED4E874353767D32B79

SHA256: 88357BABAE2B19B37EA7C59E56A0230F0F88729DC9A709542538669856411C19



USBVirusScan_V1_4_0.zip (https)

MD5: DB12C83F3ABB8BF56AA21B34E36302B2

SHA256: FC0B850E8F7B5BAED18D10CC09290BBD6FE4E23437C4BE8BD2FE24B9FC7FDBCE



USBVirusScan_V1_5_0.zip (https)

MD5: 93CA837B23F8428CB7C6E93A5B0658EC

SHA256: 5BD2CAEC35FC6B58DF84C79AFEF62E8B8A3BF6F39E2674DCA795E40C61B193A7



USBVirusScan_V1_6_1.zip (https)

MD5: 66F4B177F43ACA511B39E06F3D9EBE84

SHA256: 4618247B522294CF0D6543006892E687A2E1E42C1481648EA829B88E1F58698E



USBVirusScan_V1_7_0.zip (https)

MD5: 84FCDF8FF85378425A3E3F532B7E62F7

SHA256: 26C7C9346AA3B5EB90BE4962CA7CC1EAA39902528D4C954290EBA36DC3122180



USBVirusScan_V1_7_1.zip (https)

MD5: A1BB3B6B92F435F12EB0C1AADA39A401

SHA256: BC79AEDB98A4DBA0AABC13C1448BF2D44B911C6AACC91CC7E1C3CF66656ABFCB



USBVirusScan_V1_7_2.zip (https)

MD5: BDEF7BAE13C10B2B6CD650A89FD910ED

SHA256: 0090C73D6A3725E75C3388387A7A9E869C5D6BEA83E0D4D612E1CB25458163F3

  Referenced in post(s):

  Update: USBVirusScan 1.7.2



USBVirusScan_V1_7_3.zip (https)

MD5: 82A6A55D377D4DD5A200392C4117E39C

SHA256: 13C1FE0DF02D600352A329D4866F76AF60BD837F50930013D2D98D5781348621



USBVirusScan_V1_7_4.zip (https)

MD5: D6893EBD33FFD13C08C32B05DCD534C9

SHA256: C8187C36CBF0F46AD2D999F4EA32E9E18EE05BE9A16D9589C12E3BF91DF0FB30



USBVirusScan_V1_7_5.zip (https)

MD5: 614F200C34C56C4E9FF44506B2776633

SHA256: F5525276A647747336106683D2E7DD17CDDF0E8D6580D15C0299931215954CCA

  Referenced in post(s):

  USBVirusScan



UserAssist: Decode the UserAssist registry data

UserAssist.cab (https)

MD5: DE9D576C0F5FF8D33E039A5064BD8AFF

SHA256: C2417FDA1FE76B12D54366941CB2765AB7825F78AEDF0221C20B262010EAF2CF

  Referenced in post(s):

  A Windows Live CD plugin for my UserAssist utility



UserAssist_V2_3_0.zip (https)

MD5: DAB8BC639839A0CC5328BFE83B1105E6

SHA256: 887227ECBA99AE6D35FADDD549755DFF77A76C9AD24AEE806188D441B4A0C53A



UserAssist_V2_4_0.zip (https)

MD5: 3DA55E23088F07641914E55099913FD4

SHA256: FD10329BE02AFE504C1407EA5A7E28982BBC81C135FBF2208A1DA1DC66BFA3BD



UserAssist_V2_4_1.zip (https)

MD5: 306AE2A04B4B81EAEDE7FD37FDDBB9A5

SHA256: 1FE21D7F77D82B624BB41CB34BE8B7341BC267292DFD6F2DAB9B4A1D2B0D2539



UserAssist_V2_4_2.zip (https)

MD5: C576E0A3F3C1999640D20C03AF815578

SHA256: B314140BEC313A227EF229F94BFE1ACA3D7308D29D7814439E51B3EBD571D1B4



UserAssist_V2_4_3.zip (https)

MD5: A5244C7F83E0DE70600E27F5D3B8AD7D

SHA256: 7E2D107BE84FBBF7E79F1BD11703401A374B5138B2F77E4FF8AFE1A3E749CCDA

  Referenced in post(s):

  Update: UserAssist Tool Version 2.4.3



UserAssist_V2_6_0.zip (https)

MD5: 04107FE15FC676B7A701760C9C6D2F81

SHA256: F6F73F4E00905A7727ED4136DE875DD1FBCF4B90FFEE4B93D4A46E58C0314D45

  Referenced in post(s):

  UserAssist

  UserAssist Windows 2000 Thru Windows 8



UserAssistWindows7LaunchParty.zip (https)

MD5: 2921432E1DC65C3A4D12F738372A02BE

SHA256: EB7ED7052F194B19B73E697467A1FE25D1DDF1D58F16CED60EC711EC97797667

  Referenced in post(s):

  A Windows 7 Launch Party Trick!



virtualwill: HTML program to store your will

virtualwill.html (https)

MD5: C5DA37020D74F96F4D3762C9557CD15C

SHA256: 59789A484F46072CE23C57005B81F487901DA6F2B5C80B018DE6C25A07EE26C0

  Referenced in post(s):

  The Ultimate Disaster Recovery Plan



VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user

VirusAlert.zip (https)

MD5: 2812C7377C9A6D185DE2F3D0B004FCC9

SHA256: 20255CEBC3341F4E28C5ABC75D388291CB5DD270109A04F35B95F5140E170BD2

  Referenced in post(s):

  Customized Anti-Virus alert messages



virustotal-search: Search VirusTotal for provided hashes

virustotal-search_V0_0_1.zip (https)

MD5: 0F3A1E18C79DFDB143CCC2F860E2C4B2

SHA256: BD213BBC55A9048DBB7B890209E2831EF81049B45ABE9091E01F0692F4F23283



virustotal-search_V0_0_2.zip (https)

MD5: 0D3C70213DD59CC935ED999A038237D6

SHA256: 83DBC2428901CA2AE308D6A2863EB3B0FDC170C3F0801FC755FF4EA7AAE5ADE1

  Referenced in post(s):

  Searching With VirusTotal



virustotal-search_V0_0_3.zip (https)

MD5: 89D48483B8CF48A11A26314CC3A7631C

SHA256: A66A264A772CB9AEE356E1CF902E93FCA8CDE77233A09DB4999BCF15FA45EDF9

  Referenced in post(s):

  Update: virustotal-search



virustotal-search_V0_0_8.zip (https)

MD5: 011C88A9C9026A32DA473187A64E880C

SHA256: 30711202BB0CD01A17AFA7BB8BBFE1545B6A840BDB91D83C7753300EF7E71A8F

  Referenced in post(s):

  VirusTotal: Searching And Submitting



virustotal-search_V0_0_9.zip (https)

MD5: FECD02796889CDFE9FA67287F2DE567C

SHA256: 0CE06CBAFC6341835EB8A62377F5C4EB067747EE28E7ED8BB25FD69A4B99FA97

  Referenced in post(s):

  Update: virustotal-search.py



virustotal-search_V0_1_0.zip (https)

MD5: 0141D3677F759317034C416EBF9FF30D

SHA256: FE07859C3FA09DA120D3104FF982AF0D78ADFCF099A10E46E254823502DF4EE4

  Referenced in post(s):

  4 Times Faster virustotal-search.py



virustotal-search_V0_1_1.zip (https)

MD5: 67571F6926D0D652FD5E39019A503DB5

SHA256: E576E67AB3F91625942B93B106E94EFEFE769B4F19A3CD8BA1E1D506786F658F



virustotal-search_V0_1_2.zip (https)

MD5: 62C8031738E6E20FEC38337010496DF6

SHA256: 317AF862A62CF78FC58604EDB77AA3C00EC1543D2337EC634749C25CC5E4908C

  Referenced in post(s):

  VirusTotal Tools

  Update: virustotal-search Version 0.1.2 Daily Quota Handling and CVEs



virustotal-search_V0_1_3.zip (https)

MD5: 6D93F6CCE56AA74C830D66F9AE2E88C0

SHA256: 09D3BA6BCE1A69E8292AD0D44FB216FBCBF5686EA3C64DCD5FC877E91D4141F4

  Referenced in post(s):

  Update: virustotal-search.py Version 0.1.3



virustotal-submit: Submit files to VirusTotal for scanning

virustotal-submit_V0_0_1.zip (https)

MD5: 8793C3276822DDE36BA0804D3390AD4D

SHA256: F17B9EEC408833039AE63FCED9F6114F99AADFBE9D547AE88B2C3A6E54AE91B4

  Referenced in post(s):

  VirusTotal: Searching And Submitting



virustotal-submit_V0_0_2.zip (https)

MD5: 1152A8507FE7A668DCDF5C44DEAD11DF

SHA256: D5A4E5C3E80F98D4A82A128D8C9DBA395C2B9CDFE9F37E2B0882904D47673CE5

  Referenced in post(s):

  Bugfix virustotal-submit.py Version 0.0.2



virustotal-submit_V0_0_3.zip (https)

MD5: 3F9F5421F711E2930AB6F80D87DF9E2B

SHA256: 37CCE3E8469DE097912CB23BAC6B909C9C7F5A5CEE09C9279D32BDB9D6E23BCC

  Referenced in post(s):

  VirusTotal Tools

  Update: virustotal-submit.py V0.0.3



vs: Python program to take surveillance pictures from IP-cameras

vs_v0_2.zip (https)

MD5: DB806B49705D544F4B928A8F76622125

SHA256: 042FA2CE1F5AEBD433D59B9D4755783E6CE58014FE59086C6A2A8E8781C63B45

  Referenced in post(s):

  Quickpost: More Picture-Taking with Python



vs_v0_4.zip (https)

MD5: A2AFAD9E581798F1D986A0AE9DF64577

SHA256: C3AC4892A71DF79E3BA87714CB6323D157C7E74C838EDE81013C96DD4EAD0238

  Referenced in post(s):

  Update: vs.py



vs_v0_5.zip (https)

MD5: 83B6DE93E6E26B510E2FBC80C0FF3C17

SHA256: DE3D4DC8D00692BE57F4A8B0A13BB4E3FAE9564ECE444EA04A890B65EED2D538

  Referenced in post(s):

  Update: vs.py Version 0.5



whoami: Firefox addon to identify your profile

whoami_-0.1.0-fx.zip (https)

MD5: A786464D84C4AFD09FB76467EE8AB27C

SHA256: 735B7B883ED673C3FDD439E9B3B61714ED742250B7AA43AA9CDA123CD8C4A7EC



whoami_-0.1.1-fx.zip (https)

MD5: BFFA2F2518146347D2067BFAA002D523

SHA256: FA90B8B4F3AB2A8CD34A2978C6C042D74BE24DC99B88840BA892DC21FC7FF90F

  Referenced in post(s):

  WhoAmI? Firefox Extension



whoami_-0.1.2-fx-puzzle.zip (https)

MD5: 2D68D7782B0D2249C10B5BE9AEBD9A51

SHA256: 7D9CEFEB78B6E028CE153CAF42A0D128CA8352B60886E799BF3963E1A217113F

  Referenced in post(s):

  A New Version of WhoAmI? and Another Little Puzzle



whoami_-0.1.2-fx.zip (https)

MD5: 0A366D2D56FC93F3A3314C09732E2377

SHA256: C53FF78CBD84F7F4E7F302D95F094456F3D20E8681B0394CA261A066265B202D

  Referenced in post(s):

  A New Version of WhoAmI? and Another Little Puzzle



whoami_-0.1.3-fx.zip (https)

MD5: 624548E28B6AADB6E4E7F2CA35CA62DC

SHA256: BB3BFEFBBBD3AD5CDB2698375579DEF171433EE31DB661174F6475A4DEC5B181

  Referenced in post(s):

  Update: WhoAmI? Version 0.1.3



whoami_-0.1.4-fx.zip (https)

MD5: 7FFB2092549079A111C09A7E4A5EFE10

SHA256: CF9EAD524AEE04F1AD8F9893CF9DC558D03FABC25875B6BB52CAC567E3C1465E



wireshark-export_v0_0_1.zip (https)

MD5: B339EFD0898B6506CBEAAFCBCE08B3A6

SHA256: 557B39246FAC3BD91CE24EAD3DF07F8B68100778241393A26C67A566756C404B

  Referenced in post(s):

  Wireshark-export



wireshark-lua-dissectors_V0_0_1.zip (https)

MD5: F1F9F1E70CDC5B9931D6086E633698BB

SHA256: B608A83409F2EB3D15155845D4DA5473230DCD970A18AB3DCD28A7C4211478D0



wireshark-lua-dissectors_V0_0_2.zip (https)

MD5: 0C4891A9F6E7CEB809C98439D227A6DC

SHA256: D5470327788FD31DDC8067C86AE1A78262010399058963E3187DD1AB6C4F4DEE



wireshark-lua-dissectors_V0_0_3.zip (https)

MD5: 73F9BB860F2204DBDE7FF3A7E5CA413F

SHA256: 900A21C862973294AB25A8966299386BD058A352CEA21CA97BA546DA12964465

  Referenced in post(s):

  TCP Flags for Wireshark



wireshark-tools-v0_0_1.zip (https)

MD5: 30232A81CBD0DEE275C2A3CDAF7E333C

SHA256: E45CE8AF5417A8A1C857FDF84F2FD92860738CF2E723A64A730F606D2C495064

  Referenced in post(s):

  The Credentials Listener



wireshark-tools-v0_0_2.zip (https)

MD5: 0099A5AA5CBBF0789BCA2FCD9468153D

SHA256: 2C367B872E3DBEAAA58F85D424F8342AB67B20FAF5E63159B4E958B2BFD166D8



WMFTemplate: 010 Editor Template for WMF file format

WMFTemplate.zip (https)

MD5: F3B1480744EDED9A07DE060EE04B3F33

SHA256: 9F441E5E37A93F36222307902FE167DA3D0C11EFCC63D30528928053D4798082

  Referenced in post(s):

  Analyzing a Suspect WMF File



wmi-sc: WMI script for Security Center data

wmi-sc.zip (https)

MD5: 116274B40CDC5E82D9B5C7A9FFF24F2B

SHA256: 6994694B622C047DFE25EED0022CECAE235BEB4CED3E2981965721568DC0C8D3

  Referenced in post(s):

  Windows Security Center: Under the Hood



wsrradial: wi-spy radial WiFi plotting tool

wsrradial.zip (https)

MD5: 1BFAEC5138F76AE567BE460B1267E8BC

SHA256: B3BFEF73628388E58E13DC1E1D7BED1AED3204F03AAF3A2175F2C863E6D83FF2

  Referenced in post(s):

  wsrradial



wsrtool: wi-spy wsr files tool

wsrtool.zip (https)

MD5: 2781D0ED2EF6A490C5C8A857E4FD4350

SHA256: 3B2E076EBA9E73EAF8E7D70C1B155E087D9642822AD4C48FE9A82282D9CFAC3A

  Referenced in post(s):

  wsrtool



wsrtool_v0_2.zip (https)

MD5: 812ED5DA71AFEB55627540CB69657FF5

SHA256: 0FB288F02452D0927F9D8C36A4FADA89B4125852CBE6D0EB6FF7ED89D66F83EE

  Referenced in post(s):

  Update: wsrtool



xor-kpa_V0_0_1.zip (https)

MD5: 4265BB1AFCD470A98070FFBDFCB1B52A

SHA256: CF41CEDE7281459FA47061B366AA9B4A5F579CC9BA46E73098B52EA8CAB6E816

  Referenced in post(s):

  XOR Known-Plaintext Attack



XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string

XORSearch_V1_0.zip (https)

MD5: 3BECC4447C7318E4122503AD20606E93

SHA256: E6A52997C5AE7F2DBF32D1400FE4726314B0D9E2A369932FE46C5542EDB98B87



XORSearch_V1_10_0.zip (https)

MD5: 23809A03C63914B0742B7F75B73E1597

SHA256: 97BFBC5E8C59F60E10ABDA2D65DF4200B10BE14662D4A447797B341C9AAE17D8

  Referenced in post(s):

  XORSearch: Finding Embedded Executables



XORSearch_V1_11_0.zip (https)

MD5: 7313A198033C0A1F69B79F96894462C7

SHA256: 1700D037D7A9902108F3986D75A9BA250ACBD96E38CC43C5B4BC1FB90761B320

  Referenced in post(s):

  Update: XORSearch With Shellcode Detector



XORSearch_V1_11_1.zip (https)

MD5: D5EA1E30B2C2C7FEBE7AE7AD6E826BF5

SHA256: 15E9AAE87E7F25CF7966CDF0F8DFCB2648099585D08EAD522737E72C5FACA50A

  Referenced in post(s):

  XORSearch & XORStrings

  XORSearch: Hexdump Support



XORSearch_V1_1_0.zip (https)

MD5: 6783AE78ECCE5FEBA3FF6128D0BB0FA8

SHA256: 819CC5BF930059EB8A19C95C6C5BE8EC5722BBC79A843DA8D198603B23FB09BE



XORSearch_V1_2_0.zip (https)

MD5: F4AECC366048AA429A1FE1E6EA220C8E

SHA256: 04AACEED17AFA98283110BDE49B6A72988BCE0E2328575F37253DB3958E03AD2



XORSearch_V1_3_0.zip (https)

MD5: 0A1F5DD50924E574A6624DF872A98C78

SHA256: FFC7E2D48512DB0BD2F13A0074E374E1BFE658A620A40E38FC451E07C9F7807C



XORSearch_V1_4_0.zip (https)

MD5: AA04084644BD49174CDD41020E16396E

SHA256: 6E41A34C1867F78FC28533FFBDC793AD46C5F927088CBF9828D9A774BB2D7986



XORSearch_V1_6_0.zip (https)

MD5: F672F95F49DD72ECCF93D1779BB0EBCC

SHA256: B2D0E60C5A04164E176A3B3CA8C91631FFE145D3E4DFE0118C091262626B6242



XORSearch_V1_7_0.zip (https)

MD5: EA4C659568720CE69EC5DF6EA5688C3F

SHA256: E14584DE3ECE565CFCA2D1D193E6F6DCD0348FE6C80F949784CF3F4F56191E69



XORSearch_V1_8_0.zip (https)

MD5: 0C252EDEBC85D8F0F9DDB8D1AA11E12E

SHA256: C193D8275C80BE64D7734D8464C7F7F4AA394A983BC4939D531DD488E8550E66



XORSearch_V1_9_0.zip (https)

MD5: 6DA3B4ADD5187067D26FEBFD341502CA

SHA256: DC9283222D68696E67ED7D8BCBFD043F1ABF2B67C8DB8E9B29072948EFD3890D



XORSearch_V1_9_1.zip (https)

MD5: A2B82226E7B5D38BEF0981A815A96864

SHA256: BD6D9A88E673119D37A52D2F224A12B2F7CCABC1EB84D1F75CA3DE1D172E6DEB



XORSearch_V1_9_2.zip (https)

MD5: BF1AC6CAA325B6D1AF339B45782B8623

SHA256: 90793BEB9D429EF40458AE224117A90E6C4282DD1C9B0456E7E7148165B8EF32

  Referenced in post(s):

  Update: XORSearch Version 1.9.2



XORSelection_V3_0.zip (https)

MD5: EAF49C31C20F52DDEF74C1B50DC4EFA1

SHA256: 755913C46F8620E6865337F621FC46EA416893E28A4193E42228767D9BD7804A

  Referenced in post(s):

  XORSelection.1sc



XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings

XORStrings_V0_0_1.zip (https)

MD5: 27DA0B3BC5296179CB58181BDFF99F8D

SHA256: 5EA7E063A41E38E9E6277F1CD73FCEA2AEF50C33C44D75C226900314FF84A1B5

  Referenced in post(s):

  XORSearch & XORStrings

  New Tool: XORStrings



yara-rules-V0.0.1.zip (https)

MD5: 4D869BD838E662E050BBFCB0B89732E4

SHA256: 0CA778EAD97FF43CF7961E3C17A88B77E8782D082CE170FC779543D67B58FC72

  Referenced in post(s):

  YARA Rules



yara-rules-V0.0.2.zip (https)

MD5: 701B40BB29D8D05EB0C76DFD4F48F9F5

SHA256: E040D142B091FD41640431FF692D924BD7C74AA42D348A6BD2C510B4C3A1698D



yara-rules-V0.0.3.zip (https)

MD5: EC51148410A3581320C51D6038B2C892

SHA256: 3E7A2AA90B0E4E851D58D4E8B69176C2903ACDD6B181A07EE51E2D13B96AC788



yara-rules-V0.0.4.zip (https)

MD5: 0B56680932AE24B57FCA998FBC60A0D4

SHA256: 369B0E9A51976FE4F08F7FA08834889B81216E97720307BDBAAF0F68E4E83211



yara-rules-V0.0.5.zip (https)

MD5: 298EB636B3A3CB6A073815A83A6D1BA6

SHA256: EA00D044A3A0FE29265817407E382034593E0DAAD9887416E7FC128DA24B8830

  Referenced in post(s):

  YARA Rules

  Update: YARA Rule JPEG_EXIF_Contains_eval



zipdump: ZIP dump utility

zipdump_v0_0_1.zip (https)

MD5: 72594B985FDBE326C6852D9E34DFFA73

SHA256: 7BD6377885A218D691077C837BBCB33B0DC3BA1C673495EF6CE8A5C5C5E8E8AB



ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP

ZIPEncryptFTP_V1_2_1.zip (https)

MD5: 8C11212F459BF9D540F53D1213BC1323

SHA256: 90BA06D33B09F1E0150830A243FDBB052D4AD24CAC5403847A39995DDD1F6929

  Referenced in post(s):

  ZIPEncryptFTP



ZIPEncryptFTP_V1_2_1_Source.zip (https)

MD5: 75DC4992552A1A07F634A989D5E1436B

SHA256: A575D77D96C089CDA54E9EC2054B200B6C50830206E2498D40D9A0333A60F52C

  Referenced in post(s):

  ZIPEncryptFTP


7 Comments »

  1. Hi, I saw your XLS, it's really impressive.

    Comment by sanjay — Thursday 12 May 2011 @ 13:47

  2. Good day sir, I’m from the Philippines and running a small coin operated computer cafe. Players/users in my shop can now disable/stop the timer using your post here. http://blog.didierstevens.com/2012/05/01/update-taskmanager-xls-v0-1-3-killer-shellcode/. I was just wondering if you could show me how to restrict this from running. I know nothing about codes I’m just a small fellow who wants to earn money to support my family..
    Thank you and have a good one..

    Comment by reo — Tuesday 12 November 2013 @ 20:47

  3. @reo You can restrict this by disabling Excel macros, or uninstalling Excel.

    But that is not the root cause. The root cause is that a user in your cafe has the right to open the timer process. This is because a) users are running as local admin or b) the timer process is running with the account of the user.

    So you should resolve a or b.

    Comment by Didier Stevens — Thursday 14 November 2013 @ 0:15

  4. […] I finally compiled a list of the software I published. You can find it under My Software. […]

    Pingback by My Software | Didier Stevens — Wednesday 26 February 2014 @ 21:33

  5. […] tools have a dedicated page, but even more tools have no dedicated page but a few blogposts. Check “My Software” list for the latest […]

    Pingback by If You Have A Problem Running My Tools | Didier Stevens — Monday 20 July 2015 @ 0:00

  6. Hi Didier.. this stuff is fantastic. Have you considered adding your tools to a “suite” that could be downloaded for those of us who want to keep all of your very handy stuff on-hand?

    Comment by Chad — Thursday 6 August 2015 @ 8:21

  7. @Chad I did, I call it Didier Stevens Suite http://blog.didierstevens.com/didier-stevens-suite/

    Comment by Didier Stevens — Thursday 6 August 2015 @ 8:32

