This new version of virustotal-search.py accepts input from stdin.
Sunday 23 October 2016
Saturday 22 October 2016
I added dumps to this new version of cut-bytes.py:
Monday 17 October 2016
This new version has a couple of new options (--decoderdir and --plugindir) and a bugfix.
Friday 14 October 2016
There are Office maldocs out there with some complex payload decoding algorithms. Sometimes I don’t have the time to convert the decoding routines to Python, and then I will use the VBA interpreter in Excel. But I have to be careful not to execute the payload, just decode it. In the following video, I show how I do this.
Friday 7 October 2016
I produced 3 videos to show you how to use my rtfdump.py tool to analyze (malicious) RTF files.
Here is a video for sample 07884483f95ae891845caf0d50ce507f:
Here is a video for sample 4483ad299158eb54f6ff58b5346a36ee:
Monday 3 October 2016
Here is an overview of content I published in September:
- Update: translate.py Version 2.3.1
- decoder-search.py Beta
- Quickpost: Enhancing Radare2 Disassembly Listing
- Malware: Process Explorer & Procmon
- Malware: FakeNet-NG
- Maldoc VBA: .pub File
- Maldoc VBA: decoder.xls
- Maldoc VBA: Shellcode
SANS ISC Diary entries: