Didier Stevens

Wednesday 29 August 2012

Update: InteractiveSieve 0.7.6

Filed under: My Software,Update — Didier Stevens @ 13:18

The most important feature in this new version is the pivot table. You can select 2 columns and generate a pivot table for the data in these columns. Here is an example with data from a new tool I’m working on:

FYI: this shows which root certificates are present in the Authenticode signatures using MD5 or SHA1.

Here’s a list of changes:

  • Quick fix for empty field bugs reported by Troy Larson
  • Replaced Copy button in Values form with Copy Values and Copy All
  • Added hide doubles column command
  • Added Hide column; row counter & timer
  • Added Load from clipboard (paste)
  • Added Generate…
  • Added “Has header row” option, code for version 0.7.3 provided by Patrick Thomas

InteractiveSieve_V_0_7_6_0.zip (https)
MD5: 37C18D2E41CB311442E033F253818057
SHA256: 5758289A939388FDB73617DAD686EBD2B79D1E48444A772946E7606DAF49DB05

Tuesday 28 August 2012

Update: USBVirusScan 1.7.5

Filed under: My Software,Update — Didier Stevens @ 18:56

This new version of USBVirusScan displays a banner when a USB stick is inserted. You specify the text of the banner in the text file banner.txt.

Option -b enables this banner and displays it the first time a removable drive is mounted. Option -B displays the banner each time a removable drive is mounted.

You can find this new version here.

Tuesday 14 August 2012

Update: InstalledPrograms.xls V0.0.2

Filed under: My Software,Update — Didier Stevens @ 21:39

I fixed InstalledPrograms as earthsound suggested: now I include 32-bit installations on 64-bit systems (provided you use 64-bit Excel).

InstalledPrograms_V0_0_2.zip (https)
MD5: 383D9EC2B520E930A8484F1BD0B99534
SHA256: B174A5A9A366799B5C7CB99D6FD83643E5AE8155FBC52ADCEDA836FFF9281766

Wednesday 8 August 2012

Video: Hardening Windows processes

Filed under: My Software,Vulnerabilities — Didier Stevens @ 8:04

Help Net Security recorded a video with me speaking about EMET and HeapLocker at Hack In The Box Amsterdam 2012.

Friday 3 August 2012

Prefetch File 010 Template

Filed under: Forensics,My Software — Didier Stevens @ 9:49

I had some problems with a Windows XP prefetch file, so I wrote a 010 Editor template using the Forensics Wiki’s information on prefetch files.

PFTemplate.zip (https)
MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0
SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA
