Didier Stevens

My Software

This list is a work in progress. It will list all my published software with cross-referenced blogposts.

Applications:
AnalyzePESig: Analyze digital signature of PE file
apc-b: Send beacon frames with AirPcap
apc-channel: AirPcap channel hopper
apc-pr-log: AirPcap probe requests logger
Ariad: Tool (driver) to prevent inserted USB sticks from executing code
avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file
BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)
bpmtk: Basic Process Manipulation Tool Kit
BruteForceEnigma: C# program to bruteforce ENIGMA encoded text
CASToggle: Utility providing more control over .NET CAS enforcement
Challenger: Small program for simple reverse-engineering challenges
cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device
cmd-dll: ReactOS cmd.exe transformed into a dll
CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest
defuzzer: Generate the original file by combining fuzzed files.
disinformational-tweets: Python program to Tweet (obsolete)
disitool: Tool to work with Windows executables digital signatures
DumpStrings: 010 Editor Script to dump strings (integrated since version 4)
EICARgen: Program to generate an EICAR file (EICAR AV test file)
EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)
extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file
file2vbscript: Embeds executable into vbscript script
FileGen: Command-line program to create test files of different lengths
find-file-in-file: Check if a file is embedded inside another file, even non-contiguous
fuzzer: 010 Editor Script implementing a simple fuzzer
HeapLocker: Process hardening tool, a bit like EMET, but open source
InstalledPrograms: List installed programs with Excel/VBA
InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”
js-1.5-mod: SpiderMonkey JavaScript interpreter modifications
js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications
js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript
js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes
ListModules: Analyze digital signature of all executables in processes
ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI
LNKTemplate: 010 Editor Template for LNK file format
LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key
LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer
lookup-tools: IP-address and hosts lookup tools
LowerMyRights: Restricts the rights of an existing process
make-pdf: Set op Python programs to generate all kinds of PDF files
md5_authenticode: MD5 Authenticode collision PoC
MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer
my-shellcode: My shellcode collection
MyEFSService: PoC for Malicious Cryptography blogpost
MySafeModeService: PoC for Playing with Safe Mode blogpost
NAFT: Network Appliance Forensic Toolkit
NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA
NewPasswordStats: Password auditing password filter
nocalcpoc: No calc PoC
OllyStepNSearch: Plugin for OllyDbg
pdf-parser: PDF analysis program
pdfid: PDF triage program
PDFTemplate: 010 Editor Template for PDF file format
pecheck: wrapper for pefile
PFTemplate: 010 Editor Template for PF file format
psurveil: Photo Surveillance for N800
regedit-dll: ReactOS regedit.exe transformed into a dll
RTStego: Rainbow table steganography
runasil: Launches program with a low integrity level
RunInsideLimitedJob: Start program and run it inside a limited job
SE_ASLR: Force ASLR on Windows Explorer Shell Extensions
search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards
SelectMyParent: Launch a program and select its parent
setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable
shellcode2vba: Convert shellcode to VBA
shellcode2vbscript: Convert shellcode to VBA
ShellCodeLibLoader: ShellCode With a C-Compiler
ShellCodeMemoryModule: Generates DLL-loading shellcode from memory
shift: 010 Editor Script to shift bytes in a file or selection
simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)
Suspender: DLL that suspends its host process
TaskManager: Windows Task Manager written in Excel/VBA
TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost
translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)
ultraedit_scripts: Collection of UltraEdit scripts
UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key
USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged-in
UserAssist: Decode the UserAssist registry data
virtualwill: HTML program to store your will
VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user
virustotal-search: Search VirusTotal for provided hashes
virustotal-submit: Submit files to VirusTotal for scanning
vs: Python program to take surveillance pictures from IP-cameras
whoami: Firefox addon to identify your profile
WMFTemplate: 010 Editor Template for WMF file format
wmi-sc: WMI script for Security Center data
wsrradial: wi-spy radial WiFi plotting tool
wsrtool: wi-spy wsr files tool
XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string
XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings
ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP


AnalyzePESig: Analyze digital signature of PE file
AnalyzePESig_V0_0_0_1.zip (https)
MD5: 4BE29E4A5DE470C6040241FD069010C4
SHA256: FB83C6491690402273D42A3335777E77EA29328F5FE8503FF6F5EF62833D1FBC
  Referenced in post(s):
  Searching For That Adobe Cert

AnalyzePESig_V0_0_0_2.zip (https)
MD5: 738F97F76921FA2220368B3F4190F534
SHA256: E0D43E04AFD242307E3E6B675A650952D2605F45FE55F0B883ACF5B22BA32A01
  Referenced in post(s):
  Update: AnalyzePESig Version 0.0.0.2

AnalyzePESig_V0_0_0_3.zip (https)
MD5: C012D41535CC570F3C4947FDA9559489
SHA256: 3C26F3BEA2B20AA65F2384AC8B709AB7C0D9A51ED544987C9932994536884BD7
  Referenced in post(s):
  Authenticode Tools


apc-b: Send beacon frames with AirPcap
apc-b_v0_1_1.zip (https)
MD5: 9FC457B8CC646BEA2BC6E28AB8E43376
SHA256: 45B6F92362EBEC877F04D92C38E4362187410855DCB6C913771B055BDFC338F8
  Referenced in post(s):
  Quickpost: Sending WiFi Beacon Frames with an AirPcap Adapter

apc-b_v0_2_0.zip (https)
MD5: 849DE418A1F325B9DC133DBE2E7CC501
SHA256: C3F28DCEFE6FF747780E384E49BB4D373BC983518C592E1BB18E8455F78E7F95
  Referenced in post(s):
  _nomap, _nomap, _nomap, …


apc-channel: AirPcap channel hopper
apc-channel_v0_1.zip (https)
MD5: DB385401E39C0FB0C8278DE9D76E6A14
SHA256: 09E6A7DE54B339CA8EACBBD7A944214CA0FD466B93CFAA818B38D2AD30551C2B
  Referenced in post(s):
  Quickpost: WiFi Channel Hopping with an AirPcap Adapter


apc-pr-log: AirPcap probe requests logger
apc-pr-log_v0_1.zip (https)
MD5: 63C0F6F130DC186925BE1B9A66152455
SHA256: CC9D3EFE893BE6F6C263D248C695DFAB08548AE246E1772C2EBF220EB43F7277
  Referenced in post(s):
  Quickpost: WiFi Probe Request Logging with an AirPcap Adapter


Ariad: Tool (driver) to prevent inserted USB sticks from executing code
Ariad_V0_0_0_1.zip (https)
MD5: 31FC46BBE3216413848C146899F08C07
SHA256: ADA979C5F2D1FA414EF834191289CF819810131516E913DBCD82132E519A24D2

Ariad_V0_0_0_2.zip (https)
MD5: B828254F54132BD9C61D7EA0E4646983
SHA256: 98AB541AC1F392159A4428BC23C48153CE784FED0A44E950CC45D2DF14738708

Ariad_V0_0_0_7.zip (https)
MD5: A1F48BF9568A19E4344CE872A7B433DD
SHA256: 7CF8D0F47C44D4AF58C8B13B488189D2CFC63B47139C634FF06114C0C9DFD3DC

Ariad_V0_0_0_8.zip (https)
MD5: B8E46212CA56B7BD056BA30E84DF8596
SHA256: 99620D77B23C21BC1C020352C5E9CCC467A4C450E0C69AA6FFBCE7227063964C
  Referenced in post(s):
  Ariad

Ariad_V0_0_0_9.zip (https)
MD5: C41EFF12D1C454595C5F8B8EBB09DA69
SHA256: DC0F40BA397E19FDFED67E287E0CF24FB55314B9760477D3783D492043FFF698
  Referenced in post(s):
  Ariad


avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file
avr-teensy-pdf-dropper_V0_0_0_1.zip (https)
MD5: EA14100A1BEDA4614D1AE9DE0F71B747
SHA256: 2C9A5DF1831B564D82548C72F1050737BCF17E5A25DCDC41D7FA4EA446A8FDED
  Referenced in post(s):
  Teensy PDF Dropper Part 2


BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)
BinaryTools.zip (https)
MD5: 7A70F0E6A6F89550E0B65BE5611339F8
SHA256: 26A03D0B3E8CDE768976D006F1C187E5B0EF3BB51663403964BDEDF4C606E9CB
  Referenced in post(s):
  Binary Tools


bpmtk: Basic Process Manipulation Tool Kit
bpmtk_v0_1_1_1.zip (https)
MD5: E33F7F95B409E1A0B65766821F7E26F5
SHA256: 8C0E5A04B0F5909462505582873A34AAEA5B6DC8469D3784FEAE7E9FBD349EFA

bpmtk_v0_1_2_0.zip (https)
MD5: 6ABDF2E69F153E8C6282C2DD934735DF
SHA256: 9F3328AD39F318A7F61071EC0C9341C6228B02E9F91F035E6EA8769EF27D3A34

bpmtk_v0_1_3_0.zip (https)
MD5: ECC621E653BCC32694B56AEBDABE6140
SHA256: E39C04C3CF35B8642255CF03E4185490C0FB6A0AEDBD73551E2851A0E5E5069B

bpmtk_v0_1_4_0.zip (https)
MD5: 1BF31C6885326C3C7A1B37C42E9F9DFA
SHA256: 5DF5AFDB93F19974CCDCCEFADAE52A3277AAA31FC24DCAAE6259F9DB9DA865C1

bpmtk_V0_1_5_0.zip (https)
MD5: 3F24041EE1C5C681D3EB3E7481ABC776
SHA256: B08233F9EBC541676B0807FEA7075D324ACC7B1679B130AEE8556DFD797B5EC2
  Referenced in post(s):
  bpmtk: Injecting VBScript

bpmtk_V0_1_6_0.zip (https)
MD5: FD4DA1B404961E6DB45469A27A201F41
SHA256: 5667AD1D153C5F93E509042D94491654AB742C6880DFE10366CA44E8D7EFE0D1
  Referenced in post(s):
  Update: bpmtk with hook-createprocess.dll


BruteForceEnigma: C# program to bruteforce ENIGMA encoded text
BruteForceEnigma.zip (https)
MD5: A9FEBBABA207E7C3790D075FD3A3D22B
SHA256: DE15922575F3F5BC56F7528F7F8C7F33D70B3163A2B33B503CA8B7C3BC4492E8
  Referenced in post(s):
  Brute Forcing Enigma


CASToggle: Utility providing more control over .NET CAS enforcement
CASToggle_V0_1_1_0.zip (https)
MD5: D565937B49DF96E6A8B88FEDCF15D82A
SHA256: 6DC6913136C74592C4833D1EEF5D70B4DA83AA9A111BC8DE6DDF16A709EF7E91
  Referenced in post(s):
  CASToggle


Challenger: Small program for simple reverse-engineering challenges
Challenger_V1_0_0.zip (https)
MD5: FC71CAA3F99CB6EE9094098D60B7E4C3
SHA256: 9CBE129AC7161B12FAE4A65078159350624703CB8A4604F63694322064A2962C
  Referenced in post(s):
  Challenger


cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device
cisco-calculate-ssh-fingerprint_V0_0_1.zip (https)
MD5: 5A6C3A2C466908EE7EFB06727E8D02B7
SHA256: 831CAF7BBF0F6C584436C42D9CEB252A089487B715ADBB81F9547EEB3ED6B0B8
  Referenced in post(s):
  Calculating a SSH Fingerprint From a (Cisco) Public Key


cmd-dll: ReactOS cmd.exe transformed into a dll
cmd-dll_v0_0_1.zip (https)
MD5: 4BC42E3744FA780C5C2442F7836B8287
SHA256: BC7656E52476387650E2894C6D3952807BED5D3BFCFCCC4516B44A60DBDB3563
  Referenced in post(s):
  cmd.dll

cmd-dll_v0_0_2.zip (https)
MD5: 9B3C1FA7EB7F7F8528D27CE2DD5C24B5
SHA256: 83D6397F4D75195C73394075522C1E7F5C96E1F3B5C4E70DAED34955C8B613C7
  Referenced in post(s):
  Excel with cmd.dll & regedit.dll


CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest
CounterHeapSpray.zip (https)
MD5: 1947380F935AE0B1A8828DE79621F82F
SHA256: CA0BF635655EE05ABED117C858BC86ECDF3EBB4C39544D7D0C396D7C457F1BBC
  Referenced in post(s):
  My BlueHat Prize Entry: CounterHeapSpray


datapipe_V0_0_0_1.zip (https)
MD5: 5BF1594E8144B694431E7A7E3BDF33F7
SHA256: 57CD06EBFEC1C5C2661E44260A7304DFCDEEB2F54132E0627A474AF756AFA956
  Referenced in post(s):
  MVP – Promo – Datapipe.xls


defuzzer: Generate the original file by combining fuzzed files.
defuzzer_v0_0_2.zip (https)
MD5: 75188EF950625B78937C3473D825C582
SHA256: 056AB8BA7F3B2B52F8C7BFC2959D7F1AE3FEAC4BE90C675B2DFF6B521225D93E
  Referenced in post(s):
  The Art Of Defuzzing


disinformational-tweets: Python program to Tweet (obsolete)
disinformational-tweets_v0_0_1.zip (https)
MD5: 36CDB584634ED299E7ACE0D64E846003
SHA256: C5FCE76443549C3A8882B799B6F7A754EF6AEE5F11F3E94FF255EE541205C17B
  Referenced in post(s):
  Quickpost: Disinformational Tweets


disitool: Tool to work with Windows executables digital signatures
disitool.zip (https)
MD5: 896121FBECEF00C4DE84743A13D3E696
SHA256: AFB374E06760470D070022BD97C518808545435910CF13472398B1FA15E50B9C

disitool_v0_2.zip (https)
MD5: 4C7196F5AD581275B8B8CBC4930FF338
SHA256: 075CED9FDD633A6D0A11029107206F845AF055AFC3872E7D82801A1D83AED64F

disitool_v0_3.zip (https)
MD5: 08D1CA036DC905D8E42AB3016A1B7821
SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8
  Referenced in post(s):
  Disitool


DumpStrings: 010 Editor Script to dump strings (integrated since version 4)
DumpStrings_V0_0_1.zip (https)
MD5: 50C0C92F28020E7BCABBF46CA8775CCE
SHA256: 7EC688DBB0FD95C828067662C9ED8BBCFFEFBE5EA37B607DC8DFA1BDCB94365C
  Referenced in post(s):
  DumpStrings.1sc


EICARgen: Program to generate an EICAR file (EICAR AV test file)
EICARgen_V1_1.zip (https)
MD5: EACBE699FFB0B9B56B6F2BCDBA810D6E
SHA256: 5D44B15BDE92679DF0C216D5890C7EE9345B8782D25B01324B27CACAC918EFB6

EICARgen_V2_0.zip (https)
MD5: D346A3725622F981DDA7221799EF08E8
SHA256: 2DF76319D8513B1AD70D327816D3C1028B261EF1E314243DCD0DEC14FF1FC7CE
  Referenced in post(s):
  EICARgen
  EICARgen: An Arms Race


EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)
EnforcePermanentDEP_V0_0_0_1.zip (https)
MD5: B0A89B0CE8DC5BA2472B3D744D40E4A3
SHA256: 525BA6EF82BD2B0ABD30DAD0D676CE085A9FA6E0DE3E3A8A0ADD6DF050F5A635
  Referenced in post(s):
  EnforcePermanentDEP


extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file
extractscripts.zip (https)
MD5: D40AFBB62A304C20B0BF06DA70B6DBF4
SHA256: 23245B1999973E6D8619BCEDB9090CF94D7ECD3F0865B1F47402AD77B18CD356
  Referenced in post(s):
  ExtractScripts


file2vbscript: Embeds executable into vbscript script
file2vbscript_v0_3.zip (https)
MD5: B6B364BE69F8B2A4D554E9196B3D5A6D
SHA256: 2091DDB9C4B9F0A7450DD7B9BF0731D4C9D38BD5B145C1B151FC2E508DEA0ADE
  Referenced in post(s):
  Quickpost: Embedding an Executable in a VBscript


FileGen: Command-line program to create test files of different lengths
FileGen_V1_0_0.zip (https)
MD5: 6AAAB254D4BB10AC6320C7106C04FA79
SHA256: D7BE1E64BAD8DE33EDAD6A218E0B8E4BC53E011E3B1175F05E384A63C4BF24D7
  Referenced in post(s):
  FileGen


find-file-in-file: Check if a file is embedded inside another file, even non-contiguous
find-file-in-file_v0_0_1.zip (https)
MD5: 2984F01404770B92953823D39907B055
SHA256: 1AD124A9A31DACFE1FC9F3B89B3117D3A70D5BC15B712CC1748BEA893612686C
  Referenced in post(s):
  Finding Contained Files

find-file-in-file_v0_0_3.zip (https)
MD5: 8691158700079C786F6905F0CA0F32BC
SHA256: 84506CED140F309503E723831A9EFB99A8CC213532BEB56E00BC4BA5FE235797
  Referenced in post(s):
  Update: find-file-in-file.py Version 0.0.3


fuzzer: 010 Editor Script implementing a simple fuzzer
fuzzer_v0_0_1.zip (https)
MD5: E9B7114952E81A504C7CF3B06B99B5CF
SHA256: CF399EE2D86B6039236608F4FE882E579D7DCFED1DA980B4124ED06FD0C5807A
  Referenced in post(s):
  fuzzer.1sc


HeapLocker: Process hardening tool, a bit like EMET, but open source
HeapLocker64_V0_0_1_0.zip (https)
MD5: F3D43A29CE64F9418AA154C66B0B06A4
SHA256: 7EFF1D9EA20B522D76034DC4CB66E2FD7AC43E585987FC9ABF7EF8EB801FBC6C
  Referenced in post(s):
  HeapLocker
  HeapLocker 64-bit

HeapLocker_V0_0_0_1.zip (https)
MD5: EE0ED3FC2C9A5A3497A7286BFB476978
SHA256: C2B7F0BB8F1D1EDCCFCFE612412B40A12B89F4BE888BB50F872E04FD2F9BBA5F

HeapLocker_V0_0_0_2.zip (https)
MD5: 66204745155E8F75B9A152F2E8D416EB
SHA256: A334957AC8707DFC947C6B70F8F3D7337902969CFF3D6099597B3CB31BC3D4A8

HeapLocker_V0_0_0_3.zip (https)
MD5: F4F9AD7139C4D7FB3B0B149FA5961A56
SHA256: 7DD72256EE9C189A234234FD7758E9251F813FF253E0387C9D8188D8155FDDA4
  Referenced in post(s):
  HeapLocker


InstalledPrograms: List installed programs with Excel/VBA
InstalledPrograms_V0_0_1.zip (https)
MD5: 0BF27B9D4B6316381E0AADC1777B7F8F
SHA256: 60AF8234BD10E12221CAD3D2544222819CB0CC0834E339084590860F30E0D580
  Referenced in post(s):
  InstalledPrograms.xls

InstalledPrograms_V0_0_2.zip (https)
MD5: 383D9EC2B520E930A8484F1BD0B99534
SHA256: B174A5A9A366799B5C7CB99D6FD83643E5AE8155FBC52ADCEDA836FFF9281766
  Referenced in post(s):
  Update: InstalledPrograms.xls V0.0.2


InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”
InteractiveSieve_V_0_6_0.zip (https)
MD5: 37DDEA0A289AB7E6F826A7BDF46B5C81
SHA256: 2AA5F24A3432C4D16837A7B9BA818D19C54C6047745A9B3E1DE30B51BE9B2AC5

InteractiveSieve_V_0_7_2_1.zip (https)
MD5: 0312B5884B59619AFD2BD8C2A087E333
SHA256: 79DF1AF0020B0A8174F1A745EFBC922509990CE643703E69FFDA96FA4ACD3D78

InteractiveSieve_V_0_7_3_0.zip (https)
MD5: F36B245584DE143A15F484AA6220D67F
SHA256: AE0804EA739AEDC5FA32B7F6FD99AB99A35F7742B98953A653E0C24725E0FE6F
  Referenced in post(s):
  InteractiveSieve

InteractiveSieve_V_0_7_5_0.zip (https)
MD5: F9E3D74F4BE3C140FA415C6E525A5346
SHA256: 1981665BEF13E52A03A53AD4755891D25AE6A3D8D986666107D295CE8AE31C02

InteractiveSieve_V_0_7_6_0.zip (https)
MD5: 37C18D2E41CB311442E033F253818057
SHA256: 5758289A939388FDB73617DAD686EBD2B79D1E48444A772946E7606DAF49DB05
  Referenced in post(s):
  Update: InteractiveSieve 0.7.6


js-1.5-mod: SpiderMonkey JavaScript interpreter modifications
js-1.5-mod-0.3.tar.gz (https)
MD5: 59D7C7F67903A00AFC97C9BEDD7E1F54
SHA256: B1B51F3FD357635AD6BE90D183416DAA7783972F9BAF15E36B0A5B9BF748A570
  Referenced in post(s):
  SpiderMonkey


js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications
js-1.7.0-mod.tar.gz (https)
MD5: A64B079FAEFD6BA23CAC3FCC7EF41AC7
SHA256: 74DD063F13647505ABB11FA3D1A5D44DA35A3F73F18FE973F93FBA5E349B8BA9
  Referenced in post(s):
  SpiderMonkey


js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript
js-unicode-escape_v0_0_3.zip (https)
MD5: B86B7E73D93C5A4C086384C2FF89303C
SHA256: 81F26C328FD67FB7512CD60485481D7FFD8B7FE5ACE95455D45F4F635EADF81C
  Referenced in post(s):
  js-unicode-escape.1sc


js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes
js-unicode-unescape_v0_0_1.zip (https)
MD5: E4FF29FB631142AC995636EED4CFB2AB
SHA256: C5659BCED1C6A7F92C2F7F9058DAA5807D2907283041E4F9DD1E4B6F318F2BBD
  Referenced in post(s):
  js-unicode-unescape.1sc

js-unicode-unescape_v0_0_2.zip (https)
MD5: 6200C4F235CA527E8C0DCD5076CB1C09
SHA256: 2CACC9EE1BB1D1BC4C9FABC6EC3B3440CFF304AA560966B0B531279C369549BB
  Referenced in post(s):
  Update: js-unicode-unescape.1sc


ListModules: Analyze digital signature of all executables in processes
ListModules_V0_0_0_1.zip (https)
MD5: 56D6BD9479915E6FF1C29A9D9F8F7950
SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069
  Referenced in post(s):
  ListModules V0.0.0.1

ListModules_V0_0_0_2.zip (https)
MD5: F1FDFAA37D23E3B61E2E1F018C1D2B83
SHA256: F0AE681AB70281920B219B6733A2F0D7BC8AE959621DC3107B49F1EED4A1E523
  Referenced in post(s):
  Authenticode Tools


ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI
ListSharesSecurityWithWMI-VS2001.zip (https)
MD5: A27793BB9C3F19AFB25F1F64CEBE5C94
SHA256: 10FF939F3B73BDF383EA330B89B5B3BD794FD78EA66DEE564C94380F1A9E7E5D
  Referenced in post(s):
  Programs


LNKTemplate: 010 Editor Template for LNK file format
LNKTemplate.zip (https)
MD5: CD7C486DBB9A1CA48D0A3CD67492B404
SHA256: EDECFE72280DB904969C599E313CB6DD93BB37A0B55B5786014DEC1BC1B61738
  Referenced in post(s):
  Quickpost: 2 .LNK Tools
  Quickpost: .LNK Template Update


LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key
LoadDLLViaAppInit64_V0_0_0_1.zip (https)
MD5: 94C38717690CE849976883FFE4B22CA1
SHA256: 447C8F61A6398CBE6BD5E681FCE28C55D426D4E4EA49BBE367AE5B334B073A55
  Referenced in post(s):
  LoadDLLViaAppInit 64-bit

LoadDLLViaAppInit_FI.zip (https)
MD5: 2867B6AADF6C9FFA224D2D6A0153AD91
SHA256: E732451401B37087FAC619BD500E370FE3C21FB764F2E2E99C76EDBADEC86204
  Referenced in post(s):
  LoadDLLViaAppInit with FORCE_INTEGRITY

LoadDLLViaAppInit_V0_0_0_1.zip (https)
MD5: 60B93BAF4B0F973C3EC920F2F4A180E8
SHA256: 3B528A3BAF593A2740D5655CF18BC0932801D4DF1750DE8F9C8229C0FF51E8BE
  Referenced in post(s):
  LoadDLLViaAppInit

LoadDLLViaAppInit_V0_0_0_2.zip (https)
MD5: F458DAEAB1A3E68870EE0608E2A1FFFC
SHA256: 9C8BA52A68893F33E0019CC64264C24A7EEC09C5D0DAE6F43C110ACFD45E621F
  Referenced in post(s):
  Update: LoadDLLViaAppInit


LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer
LockIfNotHot_V0_0_1.zip (https)
MD5: 188BE76E0A5BCCA26A8736F8F0C4061C
SHA256: CA915265D3B224DF3AA95E5C59B7C0E7EDF239DF50FC1C03F2C991A8B1800AD2
  Referenced in post(s):
  LockIfNotHot


lookup-tools: IP-address and hosts lookup tools
lookup-tools_V0_0_1.zip (https)
MD5: EB9C5BEF25EC5ED0F44297AA8A04679E
SHA256: 755E98BA0BC09C31E58ED4BF7B08CD42467BBF9B129C77DD6D558FD6B6E27124
  Referenced in post(s):
  Looking Up Hosts and IP Addresses: Yet Another Tool

lookup-tools_V0_0_2.zip (https)
MD5: 310904722F900FA34C567FC38634124E
SHA256: 85626574A99BF4D2AB786D8C2FF5B8F6649F1FC7410F1786A24EF0201AAF64AA
  Referenced in post(s):
  Update: Lookup Tools


LowerMyRights: Restricts the rights of an existing process
LowerMyRights_V0_0_0_3.zip (https)
MD5: FF937173AB1CD2C7A9DF050D7ADF0696
SHA256: 9AA83F24031029F60862CAAE477B02DF0C0887BD6E9078A1E186FEF6DF873253
  Referenced in post(s):
  LowerMyRights


make-pdf: Set op Python programs to generate all kinds of PDF files
make-pdf-jbig2_V_0_0_1.zip (https)
MD5: 334D59CE634914CA89661A6DE03CE78C
SHA256: 153AFCA0E5269477772D920DF230DB9ED1CDC9715F0FDF4A9572A679B24BD116
  Referenced in post(s):
  Quickpost: /JBIG2Decode Essentials

make-pdf_V0_1_0.zip (https)
MD5: 7682A66DCD0C3AF1D4A2AFA30D44AA8C
SHA256: 7E92B7EE4A3EE2FCFCAF0AC1398381E4F649A6E7C899351721D78D37D6018AA0

make-pdf_V0_1_1.zip (https)
MD5: 9AF2E343B78553021C989E8E22355531
SHA256: C604679ABEB0469C1463159E02E74F12487B2755A6096B416A8F4F638DEB8AA9

make-pdf_V0_1_2.zip (https)
MD5: 305D57692C27DD3CD91D8C85A3932948
SHA256: A030BBCB8B54137D8047A4CB5C350725599383A4B113CABBA8871AC221378C5B
  Referenced in post(s):
  Embedding and Hiding Files in PDF Documents

make-pdf_V0_1_4.zip (https)
MD5: D2630ABDE44DFFDD5640AEF391CE591D
SHA256: 11578A938F9FFCC16456519375AF8817C1F8F0D9C41C68BBF78882BFB36B8058
  Referenced in post(s):
  PDF Tools


md5_authenticode: MD5 Authenticode collision PoC
md5_authenticode.zip (https)
MD5: 332078ECB5609A09F6412450EB41CAA8
SHA256: 72E54C3F052D7E8C7414F524CD40541244BB57D1F346477CFAFC037F42DA50AA
  Referenced in post(s):
  Playing With Authenticode and MD5 Collisions


MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer
MIFAREACR122_V0_0_1.zip (https)
MD5: 368BE885EF3BA0E8CBDA25F8EC022833
SHA256: D721EC111C2FC7D4A9CD0A1ED4DCF29554C68E56C6F4DA789A4228715A32D732
  Referenced in post(s):
  Shellcode On a MIFARE RFID Tag


my-shellcode: My shellcode collection
my-shellcode_v0_0_1.zip (https)
MD5: F215B29BA3C8F24CFBA5C24BED65B68A
SHA256: EA1DB8028954CEB18B8AD2EB37CA6BA0CD7CDC6B9A64F10561382152701C013F
  Referenced in post(s):
  MessageBox Shellcode

my-shellcode_v0_0_2.zip (https)
MD5: 324AC5DABA30198C66B58B234D4D8E80
SHA256: E947C6B3087008BFC6B327A8066D29DC4F0D3753032775A3A1B602436FF3EE0E

my-shellcode_v0_0_3.zip (https)
MD5: 914FB82B15D84108E023714DFF5B8658
SHA256: B72BD9DAAAD37100A6C011752E305FDDFED0F9C5ABB27EF1F19F24D05CB2C939

my-shellcode_v0_0_4.zip (https)
MD5: 79A46202171D558876F41E2A9352B301
SHA256: D7D3A06BC82CE5FA5082FAA2AB266F971A5C4DDEA06645B119975EDC100730A3

my-shellcode_v0_0_5.zip (https)
MD5: CFF4F0FB67C5ECCCB7EE5F3C35FB0578
SHA256: B0E444A16719B0196C4038B398DF0333D29B202283E523B1CF3D4267ECD4D0BB

my-shellcode_v0_0_6.zip (https)
MD5: B6BC3081E1D2CA823AC4F814FD972E6B
SHA256: 414E2A933DB6C6B7F3605834F18F52DC7F39113AC7F7120EBF91F2C30B749A1F

my-shellcode_v0_0_7.zip (https)
MD5: E3D7866D59506696C3CEDE97FA742997
SHA256: C575FC6128ED65F83C19B2E5E6AC5554B8C1D27F27EA16E5CDC147927AD2AF76
  Referenced in post(s):
  Shellcode


MyEFSService: PoC for Malicious Cryptography blogpost
MyEFSService.zip (https)
MD5: 457B7A671AC28C533BD3B6A62FD1DF13
SHA256: 2F2D9BDA5C00E7DA3619AD86EAA6B2DC302447FBDA67399263FA2A7F71281E46
  Referenced in post(s):
  Malicious Cryptography


MySafeModeService: PoC for Playing with Safe Mode blogpost
MySafeModeService.c (https)
MD5: 6A9EC31F58B803EDA6032BD5D3EB6996
SHA256: FDF45508EDC33896BB8C723492B82246AA75B5391FECF1B8ED9F5D4247739395
  Referenced in post(s):
  Playing with Safe Mode


NAFT: Network Appliance Forensic Toolkit
NAFT_V0_0_5.zip (https)
MD5: DDA7D6B34DD55895F144DD2E39A96455
SHA256: A8C08580447AB5F5DAD105BFF70E3CE8DC397DA81A08C2B344DE073D4B5296C0

NAFT_V0_0_6.zip (https)
MD5: 58FE5A59084B30843C44D0DF9A753B53
SHA256: 3970EE86A1747B22BE7427DD97D21398DCF3A32DBD22F11E58B5DDB10C55D362

NAFT_V0_0_7.zip (https)
MD5: 247DD8703F1AB1AEF0764367706EEA19
SHA256: 0CAAD5C024E16664F5EC36CDDB19F57D2EEA402DAFB72A259F1542C99D4CC11D
  Referenced in post(s):
  Network Appliance Forensic Toolkit


NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA
NetworkMashup_V0_0_1.zip (https)
MD5: AE0CD3879483930B82500FA40D6ECF20
SHA256: B46C670B7677BD08DCFC8AF5E8C16881836A8BD29CC3F574F1CB4011828BDB39

NetworkMashup_V0_0_2.zip (https)
MD5: D6393F7A77517177DAE708019393E4FF
SHA256: 91983017EB2C069D6EE36EF7F0CE4043C3BA7E5CB7C46D86AE8C323D7EB27B81
  Referenced in post(s):
  Quickpost: NetworkMashup.xls


NewPasswordStats: Password auditing password filter
NewPasswordStats_V0_0_0_1.zip (https)
MD5: FAF362F49C7B3FA8CCE7AF600B6D91A8
SHA256: 3D9BBD195F55FBB8F6CE523B3E7BE95A531725570336C55911EE0F312FE95A4D
  Referenced in post(s):
  Password Auditing With a Password Filter


nmap-xml-script-output_V0_0_1.zip (https)
MD5: 772B6371C1F5E27E68D9BF14955A02D4
SHA256: C86E42E7FA8EFA42C60062759E69DC8DE7F017D9113CF304D9515ACA59815790
  Referenced in post(s):
  nmap Grepable Script Output – Heartbleed


nocalcpoc: No calc PoC
nocalcpoc_V0_0_0_1.zip (https)
MD5: 05798543571B45E19536181DC7346330
SHA256: ED0FEDC6096420F6F09F4980A1CE36F7C4BC0A8C9191F4DFC27FA4C77D547976
  Referenced in post(s):
  Why Isn’t my PoC Launching calc.exe?


OllyStepNSearch: Plugin for OllyDbg
OllyStepNSearch_V0_6_0.zip (https)
MD5: 6302043B90834E6EE39F720C94C9D772
SHA256: B46F3A03D6C459EC36571948D84D933E4339F225B561FAC04DE4FB4525E70C9C

OllyStepNSearch_V0_6_1.zip (https)
MD5: D32BA4B0042BF9342B05FCBC0CF573B6
SHA256: 61ACA61F3399322B797EB58425A13AF3E68EB590AC747D1D244385E0923ABA52
  Referenced in post(s):
  OllyStepNSearch


pdf-parser: PDF analysis program
pdf-parser_V0_2_0.zip (https)
MD5: 973E57E5EA8706F92EB0D6BA46EE9EFD
SHA256: 637C95018653C406F0A3AF62E72D9BF396C4AC56A8189586EB59467BD364A7D6

pdf-parser_V0_3_0.zip (https)
MD5: DC34F3B9E0436BA985B53DD44BEEBFA6
SHA256: 9DB432CDEA25E3408E07C612FED8A8B245EF378DDC737914F04248953567A691

pdf-parser_V0_3_1.zip (https)
MD5: 07CDA54844CD6567473CBF2B0DFC601C
SHA256: 7614AEC453502EEF43F9EA04A82092C4ACDD32AB86D1C4D744B7B590C74152EC

pdf-parser_V0_3_5.zip (https)
MD5: 07EA2C47766ADF248102E378C65D03F3
SHA256: 5EAD0F9BE9693EF836CF67FF2B796324ED5E7053D34BF4FA588D250A7DA2E761
  Referenced in post(s):
  Update: pdf-parser Version 0.3.5

pdf-parser_V0_3_7.zip (https)
MD5: BDC0E5A82EB6D7C287E7360D8901023D
SHA256: C83D39F8938A00A3EB2BDE3134EFAF3A2BE11E72C2C8A92841D4E1E82366D7E1

pdf-parser_V0_3_9.zip (https)
MD5: 6C91F8D4E8EA8BEF6F60CEDA4E1CDEA0
SHA256: 9D4549B6A93BF83EA74A905E3271272EBCEC6B6329867F1C0FCB59920C3C3CB4

pdf-parser_V0_4_0.zip (https)
MD5: 9C2680974DCF11714F743F6C7885A7FA
SHA256: 0035C2304FC85B696EB7E9E64B19A4E1EAE25BA4719D5B0FF91D7D306981CEE4

pdf-parser_V0_4_1.zip (https)
MD5: A0314C0CD8AAE376C7448E74D4A7472C
SHA256: 633B7400015B2C936103CC64C37435FB333B0F2634B2A6CD3A8949EAB1D18E9B
  Referenced in post(s):
  Update: pdf-parser Version 0.4.1

pdf-parser_V0_4_2.zip (https)
MD5: B0C8F02358B386E7924DACB3059F8161
SHA256: E90620320AF6ED8E474B42BF6850E246446391878F87AE34DCDBD1D9945A6671
  Referenced in post(s):
  pdf-parser: Searching Inside Streams

pdf-parser_V0_4_3.zip (https)
MD5: 2220FFE37AEA36FC593AE33440385E76
SHA256: 1416624938359FDD375108D922350D1B7B0E41B3A40A48F778D6D72D8A405DE6
  Referenced in post(s):
  PDF Tools
  Update: pdf-parser V0.4.3


pdfid: PDF triage program
pdfid_v0_0_10.zip (https)
MD5: A06B023457DACE24FDFBF537282E1A76
SHA256: 18D88B15C90504BE6A2FF2814BD15A7B20B945337252018A0072AEFD99D5AAC8

pdfid_v0_0_11.zip (https)
MD5: 99BFA4916EC5E005953E3D9D8AD96C83
SHA256: C831569C8139D5CA5709600B987C929716FE58B1DD6B65F18EC84473A83B4075

pdfid_v0_0_12.zip (https)
MD5: 628BB84D7A4FE1A32F23954DD067E667
SHA256: A10B3C0B9BFB467A2C4C2EE6C786CF5E98A7CAD32AC5BEA498DD9796031A77D5

pdfid_v0_0_2.zip (https)
MD5: 21093726A57F39E08A679A11B6616931
SHA256: C3B190DD5E07FCEA2954D5686096155B39B5CAB6A21C17DD0C8D1838CACD4ED3

pdfid_v0_0_6.zip (https)
MD5: CE809DAC132BA2BD1C74413F125C2A70
SHA256: 0DB423F0E01197977C676C14B5BDA2FBBC9840CDD86160716A43CED0F84753FE
  Referenced in post(s):
  Quickpost: Disarming a PDF File

pdfid_v0_0_7.zip (https)
MD5: 06DA1B6E621F373CBAF0F9514B3F433A
SHA256: 3AE403684F9EE141838C7CDAD674FCE06807C983C1078EC68EF94AF4A02823C0

pdfid_v0_0_8.zip (https)
MD5: 9769FB96899F3AD15510C903A4FB29EF
SHA256: 542734C2613439851AF99B59725B1607F96A6E9396B447C5BD3AF197AABB0231
  Referenced in post(s):
  Update: PDFiD Version 0.0.8

pdfid_v0_0_9.zip (https)
MD5: 1C731D6204C09AAFF219876A8FB5E834
SHA256: 24A9B16E67A84E85488A16879CB611128B2E5921044E48EFB60D784BD785CBD0

pdfid_v0_1_0.zip (https)
MD5: 6A5FF56C22EF2745C3D78C8FD8ACA01F
SHA256: D72FE8555DC89808EE7BFC9F791AD819A465106A95801C09C31B0FD2644B3977
  Referenced in post(s):
  Update: PDFiD Version 0.1.0

pdfid_v0_1_1.zip (https)
MD5: 069F0286A99AF03712DB2992B464833D
SHA256: 875CE564837D9B72BC3055A617795A96245D337CC20BEC235A2F6857F42C9114

pdfid_v0_1_2.zip (https)
MD5: 60FC17757201F014A6ADA0744B74A740
SHA256: 1CF36C50427A2206275C322A8C098CD96A844CAF6077B105ADE9B1974789856F
  Referenced in post(s):
  PDF Tools
  Update: PDFiD Version 0.1.2


PDFTemplate: 010 Editor Template for PDF file format
PDFTemplate.zip (https)
MD5: C124200C3317ACA9C17C2AE2579FCFEB
SHA256: 24C4FEAD2CABAD82EC336DDCFD404915E164D7B48FBA7BA1295E12BBAF8EB15D
  Referenced in post(s):
  PDF Tools


pecheck: wrapper for pefile
pecheck.zip (https)
MD5: EE42C8FF3C90B4F5466A9AEFD152156F
SHA256: 679690A1377617E9FEFF31F535A3CCBB3D951FFEBA697FBBD830D653D483AA65
  Referenced in post(s):
  Sampling a Malicious Site

pecheck_v0_3_0.zip (https)
MD5: C2AC9FED3C7F1787854C8D0E651B2591
SHA256: 3CDEBADA4C594DD3622E234747C6AABD41573C94087C0554CBA65D0472F6B413
  Referenced in post(s):
  pecheck.py


PFTemplate: 010 Editor Template for PF file format
PFTemplate.zip (https)
MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0
SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA
  Referenced in post(s):
  Prefetch File 010 Template

PFTemplate_V0_0_2.zip (https)
MD5: 56A98A78BD4E8D1AED88385AF1DD8446
SHA256: E15D721E46FFB8158C6D14C9A38DE4E3DD5DCD0972896441DF17590C540DBCC3
  Referenced in post(s):
  Update: Prefetch File 010 Template


psurveil: Photo Surveillance for N800
psurveil-0.2.1-source.zip (https)
MD5: 0CFDCA784E15D45AB882BC5BB7E635ED
SHA256: 0A9132C7B4A72A1289652CC307F2C92B0DAD9BB43706CDEE90BCCA06440A0A60
  Referenced in post(s):
  Looking for N800 Beta Testers, No Voyeurs Please ;-)

psurveil-0.2.1.zip (https)
MD5: 6B0E8C000EA4FF7EBAA4E50A07589EB5
SHA256: B399FBDCED4F3F1CC79782652D30A9A9CD96FCE5F3F948493A0929C7DE3318FD
  Referenced in post(s):
  Looking for N800 Beta Testers, No Voyeurs Please ;-)


regedit-dll: ReactOS regedit.exe transformed into a dll
regedit-dll_v0_0_1.zip (https)
MD5: A736AE075FE12656D4A8DB7421AB035B
SHA256: 8392D6C814670F7198BFFF9741F4589D806FFF1C89A964AD14C9DA4047F45C6F
  Referenced in post(s):
  Excel with cmd.dll & regedit.dll


RTStego: Rainbow table steganography
RTStego.zip (https)
MD5: 8DE76B0E81314CF8614678621CB7D162
SHA256: E8E8AA7A397E576D2BEB761B045D974D4D25E22AC6E3680154940A586AFEB91F

rtstego2.zip (https)
MD5: E8C7CBDD6B5C2FF56A2BDC3B04401AFB
SHA256: 31CBEFDCB5C865E9AE243BC1C0261DD08CF1FFABE792AEAA9DE9F903E9CAECA9
  Referenced in post(s):
  Hiding Inside a Rainbow, Part 3


runasil: Launches program with a low integrity level
runasil_V0_0_0_1.zip (https)
MD5: 5B8CE64715903DD7EEF4AF3B89E6E6FD
SHA256: 15841A9D9985E626C5B70B4BC3B2BF2CD68C38102B6BB1D92BA352D19F5C8A65
  Referenced in post(s):
  Runasil


RunInsideLimitedJob: Start program and run it inside a limited job
RunInsideLimitedJob-DLL64_V0_0_0_1.zip (https)
MD5: A6048613CE00C9F401A8AC7943A451E3
SHA256: 279F6BE0EB124814D37A5E70F2D906B1756B27CDDC7E7AEA40B2B42B39C0CFCA
  Referenced in post(s):
  RunInsideLimitedJob 64-bit

RunInsideLimitedJob_V0_0_0_1.zip (https)
MD5: 90055BA2928D06EC7A883DEF6E7F37C6
SHA256: EF88A2963436F5893727A90413CE624B473352190E936E35EEF85E246655486D
  Referenced in post(s):
  RunInsideLimitedJob


SE_ASLR: Force ASLR on Windows Explorer Shell Extensions
SE_ASLR_V0_0_0_1.zip (https)
MD5: 9D6AE1A96D554AEE527EB802FE59FB20
SHA256: 8A6C1406A757CD9788A2630D76A497E2C058333EE4D44CA0B85B2A05A39F257E
  Referenced in post(s):
  Force “ASLR” on Shell Extensions

SE_ASLR_V0_0_0_2.zip (https)
MD5: C835D1DDB64A68A1CD48CCF87AE03D18
SHA256: 1560BEE96CFC956A5E8954FEFD92ED227293418B19FE6B06D4ED703B6C50F4AC
  Referenced in post(s):
  Update: SE_ASLR Version 0.0.0.2


search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards
search-and-replace-with-wildcards_v0_0_1.zip (https)
MD5: 7D620E8BEFFD4ED5563D9944C9B0B859
SHA256: B7F074304660A8DBF7AB2261D8619FFFFD461EFB5EE4C6E42880C87A3C1A4AB7
  Referenced in post(s):
  search-and-replace-with-wildcards.1sc


SelectMyParent: Launch a program and select its parent
SelectMyParent_v0_0_0_1.zip (https)
MD5: AF327175764886FB41304F7BC157FC58
SHA256: 16F40EB7996BAC1084DA366B1CF89ADA40093099373DB1FDBAE81CDCA5D2B560
  Referenced in post(s):
  Quickpost: SelectMyParent or Playing With the Windows Process Tree


setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable
setdllcharacteristics_v0_0_0_1.zip (https)
MD5: F96358BF90AA4D8C6B32968B2068BFCB
SHA256: 5A9D3815F317C7C0FF7737F271CE0C60BE2CB0F4168C5EA5AD8CEF84AD718577
  Referenced in post(s):
  setdllcharacteristics


shellcode2vba: Convert shellcode to VBA
shellcode2vba_v0_3.zip (https)
MD5: 44AF2685975346F9DE09E48E7FB855CE
SHA256: 04C42FA26717CCC7BC17A7BEDA02C746CA1A8BC8C6CE184670CD686796B5FF10
  Referenced in post(s):
  shellcode2vba


shellcode2vbscript: Convert shellcode to VBA
shellcode2vbscript_v0_1.zip (https)
MD5: AAB0431127C657C9A3EF67E1C73E6711
SHA256: D1CDDAFCB734EC3F35E558DECFF2EDB73DC0C394936814B602B605F09DE4A5E5
  Referenced in post(s):
  Shellcode 2 VBScript


ShellCodeLibLoader: ShellCode With a C-Compiler
ShellCodeLibLoader_v0_0_1.zip (https)
MD5: F6D4779097A8A11C412BDD47B7B1C8AE
SHA256: 3294A4322926476562AF34A80B8155638EFEEF38E401E69D6DB9BBB652C3EB58
  Referenced in post(s):
  Shellcode


ShellCodeMemoryModule: Generates DLL-loading shellcode from memory
ShellCodeMemoryModule_V0_0_0_1.zip (https)
MD5: CEABB3A8A9A4A507BA19C52EE2CC5DA9
SHA256: 284344C909E623B0406BB38A67F5A7A1AEE2473721244EED52CCEBB8846B0500
  Referenced in post(s):
  Shellcode


shift: 010 Editor Script to shift bytes in a file or selection
shift_v0_0_1.zip (https)
MD5: 0E98DD182D12839FD86A30E696414E0A
SHA256: 07D849E9E898AFA705E57474FADFF001C9CAF9DB1D51AD8C9EB7E9A2A765D714
  Referenced in post(s):
  shift.1sc


simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)
simple-shellcode-generator_V0_0_1.zip (https)
MD5: 3A6D00C6EBC1F20589C952817174653E
SHA256: FEFD4059810DA7855CC3CBC6A198FD75607C4F7B7B2F71817689E1520B454C58
  Referenced in post(s):
  simple-shellcode-generator.py


ssltest.zip (https)
MD5: 1B50D6A10637BB6472ED541733BBE68D
SHA256: DA744643CF06645DA9C27A7DD62853E15123D7481AE5D6776E6393A6312847E1
  Referenced in post(s):
  Heartbleed: Testing From a Cisco IOS Router – ssltest.tcl


Suspender: DLL that suspends its host process
Suspender_V0_0_0_3.zip (https)
MD5: C87FCAB2586C6154B58FB0F95FBB1FBE
SHA256: 56D0C641569E99AC31C7590DE513025E21166747565B73C5EBE34346616FFB2F
  Referenced in post(s):
  Suspender.dll

Suspender_V0_0_0_4.zip (https)
MD5: 629255337FE0CA9F631B1A7177D158F0
SHA256: 8E63152620541314926878D01469E2E922298C147740BDEAF7FC6B70EB9305EF
  Referenced in post(s):
  Update: Suspender V0.0.0.4


TaskManager: Windows Task Manager written in Excel/VBA
TaskManager_V0_0_1.zip (https)
MD5: A0A7584C83F4DD85F57F8511E332893B
SHA256: A0A128DA6297968CB2F434628AD4F045E14EBDC8AE3B05DD3D0F21CC954C13CE
  Referenced in post(s):
  TaskManager.xls

TaskManager_V0_0_3.zip (https)
MD5: BF40B4317C7E04E1F65B8CEE55ED3A7A
SHA256: 0D48C2E6986F1DD8FA3A0671A1A53F0FC489923701963031FDC4FA516603EEC1
  Referenced in post(s):
  Update: TaskManager.xls Version 0.0.3

TaskManager_V0_1_0.zip (https)
MD5: 5ED2AB6036CA94FAC7DEE5352718D07C
SHA256: EBCF4832C4DBAB0AFE778E19423EBB56CA4644DA1FDB5B2EB1BB4C27A26DB18C
  Referenced in post(s):
  TaskManager Runs on 64-bit Excel

TaskManager_V0_1_1.zip (https)
MD5: 57D0ED69E034872DE7DF217DD491B732
SHA256: 08FD64B90E34150BD48A54904F04905D84249E7042BF31E6A5AA642B2B855D91
  Referenced in post(s):
  Signed TaskManager

TaskManager_V0_1_2.zip (https)
MD5: DEDB20DA6EE1A622DD3C234D07F5FE08
SHA256: 23EC10C7206BA43B56EF185E7C18EF528FD551FC0B34FFF9E4E183C37A114FF8
  Referenced in post(s):
  Update: TaskManager.xls V0.1.2

TaskManager_V0_1_3.zip (https)
MD5: 38DED14A7A468923C3552A6135CC570C
SHA256: CABD1F73C8D069A85EA439D7AFF736723B5759A6ED929FB3F21A4ADD3D0605BC
  Referenced in post(s):
  Update: TaskManager.xls V0.1.3 Killer Shellcode

TaskManager_V0_1_4.zip (https)
MD5: FBB30486CF0E7A1BEB7342EF4672DE52
SHA256: 30779E09B5B0D1D1AFE9C33B12EDD0982E775A9FA0B0D2A1189835004750FB5F
  Referenced in post(s):
  Update & Split: TaskManager.xls Version 0.1.4

TaskManagerSC_V0_1_4.zip (https)
MD5: 61C6657B2E36F3240A67960BCA413E56
SHA256: FAAB1044318A1EB6FEA09109ABDD982CDFFAEE54DC1C81D3416CC2A69DEEEC70
  Referenced in post(s):
  Update & Split: TaskManager.xls Version 0.1.4


TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost
TestIntegrityCheckFlag.zip (https)
MD5: 7F6E9A0B0440BE80F2287AE4C30A5176
SHA256: 2E60E121C5AE9AFDAA7595E0A2177D65A1F08D39ADA4F1E14605749DEE22B3CE
  Referenced in post(s):
  Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag


translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)
translate.zip (https)
MD5: B76FF05E3CB8015F716AC6BF0111BC5A
SHA256: F715854D5C0C7E280515B0A3496B8020C4170288BFA9930FDE58C380F2FB6670

translate_v2_0_0.zip (https)
MD5: 31739EEE90E303A8DA5A995344BA6F5B
SHA256: CFB11380C4193E91D7843F195D9EA086A59829F9CF3DF4016C12ACE8378B052C
  Referenced in post(s):
  Translate


ultraedit_scripts: Collection of UltraEdit scripts
ultraedit_scripts_v0_0_1.zip (https)
MD5: C218BF518291499600B7B769AD3D14EE
SHA256: CE8FAFF9F7708B6CF596EE455735656F902C5DC99A47EB8AA35F217E6E03656C
  Referenced in post(s):
  UltraEdit Scripts

ultraedit_scripts_v0_0_2.zip (https)
MD5: 41AAAFEE0A7E5BAC98B754A57222C656
SHA256: 3977077CF09219E303A8F2E8FD8F6BD7784889EAA5EBBD502D3E84ACE195264B


UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key
UndeletableSafebootKey_V0_0_0_1.zip (https)
MD5: 2FAC291AD547657E31B157B8581D4601
SHA256: 7A1E42A57BBF8E804491318671AE992947C82DCC9C2001E3033B45E4AEAB2DDE
  Referenced in post(s):
  The Undeletable SafeBoot Key


USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged-in
USBVirusScan_V1_0_0.zip (https)
MD5: CAC7ACD6F91C35BD5A4FBD9C3CFE92EC
SHA256: BBF6A971D55FF6A5A410C29E0A65E6D53F14F607C528BEDB39C14B90CB0C0CCE
  Referenced in post(s):
  USBVirusScan

USBVirusScan_V1_1_0.zip (https)
MD5: AEC062146B3CF589DDE43FB912A5C6C2
SHA256: 2DDA12E79B05762A8512F27CA2D706E0807BD3542ED6D9D05BE202B764739E5E

USBVirusScan_V1_2_0.zip (https)
MD5: 9E9BAD87B7A16A16597A6EAB6735DB11
SHA256: 629193F33D52281CC073CAAEE0BD77D42CE0863A1E92618636F3DE9A490443F7

USBVirusScan_V1_3_0.zip (https)
MD5: 603F5716EFA4AED4E874353767D32B79
SHA256: 88357BABAE2B19B37EA7C59E56A0230F0F88729DC9A709542538669856411C19

USBVirusScan_V1_4_0.zip (https)
MD5: DB12C83F3ABB8BF56AA21B34E36302B2
SHA256: FC0B850E8F7B5BAED18D10CC09290BBD6FE4E23437C4BE8BD2FE24B9FC7FDBCE

USBVirusScan_V1_5_0.zip (https)
MD5: 93CA837B23F8428CB7C6E93A5B0658EC
SHA256: 5BD2CAEC35FC6B58DF84C79AFEF62E8B8A3BF6F39E2674DCA795E40C61B193A7

USBVirusScan_V1_6_1.zip (https)
MD5: 66F4B177F43ACA511B39E06F3D9EBE84
SHA256: 4618247B522294CF0D6543006892E687A2E1E42C1481648EA829B88E1F58698E

USBVirusScan_V1_7_0.zip (https)
MD5: 84FCDF8FF85378425A3E3F532B7E62F7
SHA256: 26C7C9346AA3B5EB90BE4962CA7CC1EAA39902528D4C954290EBA36DC3122180

USBVirusScan_V1_7_1.zip (https)
MD5: A1BB3B6B92F435F12EB0C1AADA39A401
SHA256: BC79AEDB98A4DBA0AABC13C1448BF2D44B911C6AACC91CC7E1C3CF66656ABFCB

USBVirusScan_V1_7_2.zip (https)
MD5: BDEF7BAE13C10B2B6CD650A89FD910ED
SHA256: 0090C73D6A3725E75C3388387A7A9E869C5D6BEA83E0D4D612E1CB25458163F3
  Referenced in post(s):
  Update: USBVirusScan 1.7.2

USBVirusScan_V1_7_3.zip (https)
MD5: 82A6A55D377D4DD5A200392C4117E39C
SHA256: 13C1FE0DF02D600352A329D4866F76AF60BD837F50930013D2D98D5781348621

USBVirusScan_V1_7_4.zip (https)
MD5: D6893EBD33FFD13C08C32B05DCD534C9
SHA256: C8187C36CBF0F46AD2D999F4EA32E9E18EE05BE9A16D9589C12E3BF91DF0FB30

USBVirusScan_V1_7_5.zip (https)
MD5: 614F200C34C56C4E9FF44506B2776633
SHA256: F5525276A647747336106683D2E7DD17CDDF0E8D6580D15C0299931215954CCA
  Referenced in post(s):
  USBVirusScan


UserAssist: Decode the UserAssist registry data
UserAssist.cab (https)
MD5: DE9D576C0F5FF8D33E039A5064BD8AFF
SHA256: C2417FDA1FE76B12D54366941CB2765AB7825F78AEDF0221C20B262010EAF2CF
  Referenced in post(s):
  A Windows Live CD plugin for my UserAssist utility

UserAssist_V2_3_0.zip (https)
MD5: DAB8BC639839A0CC5328BFE83B1105E6
SHA256: 887227ECBA99AE6D35FADDD549755DFF77A76C9AD24AEE806188D441B4A0C53A

UserAssist_V2_4_0.zip (https)
MD5: 3DA55E23088F07641914E55099913FD4
SHA256: FD10329BE02AFE504C1407EA5A7E28982BBC81C135FBF2208A1DA1DC66BFA3BD

UserAssist_V2_4_1.zip (https)
MD5: 306AE2A04B4B81EAEDE7FD37FDDBB9A5
SHA256: 1FE21D7F77D82B624BB41CB34BE8B7341BC267292DFD6F2DAB9B4A1D2B0D2539

UserAssist_V2_4_2.zip (https)
MD5: C576E0A3F3C1999640D20C03AF815578
SHA256: B314140BEC313A227EF229F94BFE1ACA3D7308D29D7814439E51B3EBD571D1B4

UserAssist_V2_4_3.zip (https)
MD5: A5244C7F83E0DE70600E27F5D3B8AD7D
SHA256: 7E2D107BE84FBBF7E79F1BD11703401A374B5138B2F77E4FF8AFE1A3E749CCDA
  Referenced in post(s):
  UserAssist
  Update: UserAssist Tool Version 2.4.3

UserAssist_V2_6_0.zip (https)
MD5: 04107FE15FC676B7A701760C9C6D2F81
SHA256: F6F73F4E00905A7727ED4136DE875DD1FBCF4B90FFEE4B93D4A46E58C0314D45
  Referenced in post(s):
  UserAssist Windows 2000 Thru Windows 8

UserAssistWindows7LaunchParty.zip (https)
MD5: 2921432E1DC65C3A4D12F738372A02BE
SHA256: EB7ED7052F194B19B73E697467A1FE25D1DDF1D58F16CED60EC711EC97797667
  Referenced in post(s):
  A Windows 7 Launch Party Trick!


virtualwill: HTML program to store your will
virtualwill.html (https)
MD5: C5DA37020D74F96F4D3762C9557CD15C
SHA256: 59789A484F46072CE23C57005B81F487901DA6F2B5C80B018DE6C25A07EE26C0
  Referenced in post(s):
  The Ultimate Disaster Recovery Plan


VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user
VirusAlert.zip (https)
MD5: 2812C7377C9A6D185DE2F3D0B004FCC9
SHA256: 20255CEBC3341F4E28C5ABC75D388291CB5DD270109A04F35B95F5140E170BD2
  Referenced in post(s):
  Customized Anti-Virus alert messages


virustotal-search: Search VirusTotal for provided hashes
virustotal-search_V0_0_1.zip (https)
MD5: 0F3A1E18C79DFDB143CCC2F860E2C4B2
SHA256: BD213BBC55A9048DBB7B890209E2831EF81049B45ABE9091E01F0692F4F23283

virustotal-search_V0_0_2.zip (https)
MD5: 0D3C70213DD59CC935ED999A038237D6
SHA256: 83DBC2428901CA2AE308D6A2863EB3B0FDC170C3F0801FC755FF4EA7AAE5ADE1
  Referenced in post(s):
  Searching With VirusTotal

virustotal-search_V0_0_3.zip (https)
MD5: 89D48483B8CF48A11A26314CC3A7631C
SHA256: A66A264A772CB9AEE356E1CF902E93FCA8CDE77233A09DB4999BCF15FA45EDF9
  Referenced in post(s):
  Update: virustotal-search

virustotal-search_V0_0_8.zip (https)
MD5: 011C88A9C9026A32DA473187A64E880C
SHA256: 30711202BB0CD01A17AFA7BB8BBFE1545B6A840BDB91D83C7753300EF7E71A8F
  Referenced in post(s):
  VirusTotal: Searching And Submitting

virustotal-search_V0_0_9.zip (https)
MD5: FECD02796889CDFE9FA67287F2DE567C
SHA256: 0CE06CBAFC6341835EB8A62377F5C4EB067747EE28E7ED8BB25FD69A4B99FA97
  Referenced in post(s):
  Update: virustotal-search.py

virustotal-search_V0_1_0.zip (https)
MD5: 0141D3677F759317034C416EBF9FF30D
SHA256: FE07859C3FA09DA120D3104FF982AF0D78ADFCF099A10E46E254823502DF4EE4
  Referenced in post(s):
  VirusTotal Tools
  4 Times Faster virustotal-search.py

virustotal-search_V0_1_1.zip (https)
MD5: 67571F6926D0D652FD5E39019A503DB5
SHA256: E576E67AB3F91625942B93B106E94EFEFE769B4F19A3CD8BA1E1D506786F658F


virustotal-submit: Submit files to VirusTotal for scanning
virustotal-submit_V0_0_1.zip (https)
MD5: 8793C3276822DDE36BA0804D3390AD4D
SHA256: F17B9EEC408833039AE63FCED9F6114F99AADFBE9D547AE88B2C3A6E54AE91B4
  Referenced in post(s):
  VirusTotal: Searching And Submitting

virustotal-submit_V0_0_2.zip (https)
MD5: 1152A8507FE7A668DCDF5C44DEAD11DF
SHA256: D5A4E5C3E80F98D4A82A128D8C9DBA395C2B9CDFE9F37E2B0882904D47673CE5
  Referenced in post(s):
  Bugfix virustotal-submit.py Version 0.0.2

virustotal-submit_V0_0_3.zip (https)
MD5: 3F9F5421F711E2930AB6F80D87DF9E2B
SHA256: 37CCE3E8469DE097912CB23BAC6B909C9C7F5A5CEE09C9279D32BDB9D6E23BCC
  Referenced in post(s):
  VirusTotal Tools
  Update: virustotal-submit.py V0.0.3


vs: Python program to take surveillance pictures from IP-cameras
vs_v0_2.zip (https)
MD5: DB806B49705D544F4B928A8F76622125
SHA256: 042FA2CE1F5AEBD433D59B9D4755783E6CE58014FE59086C6A2A8E8781C63B45
  Referenced in post(s):
  Quickpost: More Picture-Taking with Python

vs_v0_4.zip (https)
MD5: A2AFAD9E581798F1D986A0AE9DF64577
SHA256: C3AC4892A71DF79E3BA87714CB6323D157C7E74C838EDE81013C96DD4EAD0238
  Referenced in post(s):
  Update: vs.py

vs_v0_5.zip (https)
MD5: 83B6DE93E6E26B510E2FBC80C0FF3C17
SHA256: DE3D4DC8D00692BE57F4A8B0A13BB4E3FAE9564ECE444EA04A890B65EED2D538
  Referenced in post(s):
  Update: vs.py Version 0.5


whoami: Firefox addon to identify your profile
whoami_-0.1.0-fx.zip (https)
MD5: A786464D84C4AFD09FB76467EE8AB27C
SHA256: 735B7B883ED673C3FDD439E9B3B61714ED742250B7AA43AA9CDA123CD8C4A7EC

whoami_-0.1.1-fx.zip (https)
MD5: BFFA2F2518146347D2067BFAA002D523
SHA256: FA90B8B4F3AB2A8CD34A2978C6C042D74BE24DC99B88840BA892DC21FC7FF90F
  Referenced in post(s):
  WhoAmI? Firefox Extension

whoami_-0.1.2-fx-puzzle.zip (https)
MD5: 2D68D7782B0D2249C10B5BE9AEBD9A51
SHA256: 7D9CEFEB78B6E028CE153CAF42A0D128CA8352B60886E799BF3963E1A217113F
  Referenced in post(s):
  A New Version of WhoAmI? and Another Little Puzzle

whoami_-0.1.2-fx.zip (https)
MD5: 0A366D2D56FC93F3A3314C09732E2377
SHA256: C53FF78CBD84F7F4E7F302D95F094456F3D20E8681B0394CA261A066265B202D
  Referenced in post(s):
  A New Version of WhoAmI? and Another Little Puzzle

whoami_-0.1.3-fx.zip (https)
MD5: 624548E28B6AADB6E4E7F2CA35CA62DC
SHA256: BB3BFEFBBBD3AD5CDB2698375579DEF171433EE31DB661174F6475A4DEC5B181
  Referenced in post(s):
  Update: WhoAmI? Version 0.1.3

whoami_-0.1.4-fx.zip (https)
MD5: 7FFB2092549079A111C09A7E4A5EFE10
SHA256: CF9EAD524AEE04F1AD8F9893CF9DC558D03FABC25875B6BB52CAC567E3C1465E


wireshark-export_v0_0_1.zip (https)
MD5: B339EFD0898B6506CBEAAFCBCE08B3A6
SHA256: 557B39246FAC3BD91CE24EAD3DF07F8B68100778241393A26C67A566756C404B
  Referenced in post(s):
  Wireshark-export


wireshark-lua-dissectors_V0_0_1.zip (https)
MD5: F1F9F1E70CDC5B9931D6086E633698BB
SHA256: B608A83409F2EB3D15155845D4DA5473230DCD970A18AB3DCD28A7C4211478D0
  Referenced in post(s):
  TCP Flags for Wireshark


wireshark-tools-v0_0_1.zip (https)
MD5: 30232A81CBD0DEE275C2A3CDAF7E333C
SHA256: E45CE8AF5417A8A1C857FDF84F2FD92860738CF2E723A64A730F606D2C495064
  Referenced in post(s):
  The Credentials Listener


WMFTemplate: 010 Editor Template for WMF file format
WMFTemplate.zip (https)
MD5: F3B1480744EDED9A07DE060EE04B3F33
SHA256: 9F441E5E37A93F36222307902FE167DA3D0C11EFCC63D30528928053D4798082
  Referenced in post(s):
  Analyzing a Suspect WMF File


wmi-sc: WMI script for Security Center data
wmi-sc.zip (https)
MD5: 116274B40CDC5E82D9B5C7A9FFF24F2B
SHA256: 6994694B622C047DFE25EED0022CECAE235BEB4CED3E2981965721568DC0C8D3
  Referenced in post(s):
  Windows Security Center: Under the Hood


wsrradial: wi-spy radial WiFi plotting tool
wsrradial.zip (https)
MD5: 1BFAEC5138F76AE567BE460B1267E8BC
SHA256: B3BFEF73628388E58E13DC1E1D7BED1AED3204F03AAF3A2175F2C863E6D83FF2
  Referenced in post(s):
  wsrradial


wsrtool: wi-spy wsr files tool
wsrtool.zip (https)
MD5: 2781D0ED2EF6A490C5C8A857E4FD4350
SHA256: 3B2E076EBA9E73EAF8E7D70C1B155E087D9642822AD4C48FE9A82282D9CFAC3A
  Referenced in post(s):
  wsrtool

wsrtool_v0_2.zip (https)
MD5: 812ED5DA71AFEB55627540CB69657FF5
SHA256: 0FB288F02452D0927F9D8C36A4FADA89B4125852CBE6D0EB6FF7ED89D66F83EE
  Referenced in post(s):
  Update: wsrtool


XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string
XORSearch_V1_0.zip (https)
MD5: 3BECC4447C7318E4122503AD20606E93
SHA256: E6A52997C5AE7F2DBF32D1400FE4726314B0D9E2A369932FE46C5542EDB98B87

XORSearch_V1_10_0.zip (https)
MD5: 23809A03C63914B0742B7F75B73E1597
SHA256: 97BFBC5E8C59F60E10ABDA2D65DF4200B10BE14662D4A447797B341C9AAE17D8
  Referenced in post(s):
  XORSearch: Finding Embedded Executables

XORSearch_V1_1_0.zip (https)
MD5: 6783AE78ECCE5FEBA3FF6128D0BB0FA8
SHA256: 819CC5BF930059EB8A19C95C6C5BE8EC5722BBC79A843DA8D198603B23FB09BE

XORSearch_V1_2_0.zip (https)
MD5: F4AECC366048AA429A1FE1E6EA220C8E
SHA256: 04AACEED17AFA98283110BDE49B6A72988BCE0E2328575F37253DB3958E03AD2

XORSearch_V1_3_0.zip (https)
MD5: 0A1F5DD50924E574A6624DF872A98C78
SHA256: FFC7E2D48512DB0BD2F13A0074E374E1BFE658A620A40E38FC451E07C9F7807C

XORSearch_V1_4_0.zip (https)
MD5: AA04084644BD49174CDD41020E16396E
SHA256: 6E41A34C1867F78FC28533FFBDC793AD46C5F927088CBF9828D9A774BB2D7986

XORSearch_V1_6_0.zip (https)
MD5: F672F95F49DD72ECCF93D1779BB0EBCC
SHA256: B2D0E60C5A04164E176A3B3CA8C91631FFE145D3E4DFE0118C091262626B6242

XORSearch_V1_7_0.zip (https)
MD5: EA4C659568720CE69EC5DF6EA5688C3F
SHA256: E14584DE3ECE565CFCA2D1D193E6F6DCD0348FE6C80F949784CF3F4F56191E69

XORSearch_V1_8_0.zip (https)
MD5: 0C252EDEBC85D8F0F9DDB8D1AA11E12E
SHA256: C193D8275C80BE64D7734D8464C7F7F4AA394A983BC4939D531DD488E8550E66

XORSearch_V1_9_0.zip (https)
MD5: 6DA3B4ADD5187067D26FEBFD341502CA
SHA256: DC9283222D68696E67ED7D8BCBFD043F1ABF2B67C8DB8E9B29072948EFD3890D

XORSearch_V1_9_1.zip (https)
MD5: A2B82226E7B5D38BEF0981A815A96864
SHA256: BD6D9A88E673119D37A52D2F224A12B2F7CCABC1EB84D1F75CA3DE1D172E6DEB

XORSearch_V1_9_2.zip (https)
MD5: BF1AC6CAA325B6D1AF339B45782B8623
SHA256: 90793BEB9D429EF40458AE224117A90E6C4282DD1C9B0456E7E7148165B8EF32
  Referenced in post(s):
  XORSearch & XORStrings
  Update: XORSearch Version 1.9.2


XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings
XORStrings_V0_0_1.zip (https)
MD5: 27DA0B3BC5296179CB58181BDFF99F8D
SHA256: 5EA7E063A41E38E9E6277F1CD73FCEA2AEF50C33C44D75C226900314FF84A1B5
  Referenced in post(s):
  XORSearch & XORStrings
  New Tool: XORStrings


ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP
ZIPEncryptFTP_V1_2_1.zip (https)
MD5: 8C11212F459BF9D540F53D1213BC1323
SHA256: 90BA06D33B09F1E0150830A243FDBB052D4AD24CAC5403847A39995DDD1F6929
  Referenced in post(s):
  ZIPEncryptFTP

ZIPEncryptFTP_V1_2_1_Source.zip (https)
MD5: 75DC4992552A1A07F634A989D5E1436B
SHA256: A575D77D96C089CDA54E9EC2054B200B6C50830206E2498D40D9A0333A60F52C
  Referenced in post(s):
  ZIPEncryptFTP

4 Comments »

  1. Hi I saw you XLS its really impressive .

    Comment by sanjay — Thursday 12 May 2011 @ 13:47

  2. good day sir, I’m from the Philippines and running a small coin operated computer cafe. Players/user in my shop can now disable/stop the timer using your post here. http://blog.didierstevens.com/2012/05/01/update-taskmanager-xls-v0-1-3-killer-shellcode/. I was just worndering if you could show me how to restrict this from running. I know nothing about codes I’m just a small fellow who wants to earn money to support my family..
    Thank you and have a good one..

    Comment by reo — Tuesday 12 November 2013 @ 20:47

  3. @reo You can restrict this by disabling Excel macros, or uninstalling Excel.

    But that is not the root cause. The root cause is that a user in your cafe has the right to open the timer process. This is because a) users are running as local admin or b) the timer process is running with the account of the user.

    So you should resolve a or b.

    Comment by Didier Stevens — Thursday 14 November 2013 @ 0:15

  4. […] I finally compiled a list of the software I published. You can find it under My Software. […]

    Pingback by My Software | Didier Stevens — Wednesday 26 February 2014 @ 21:33


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 228 other followers

%d bloggers like this: