Didier Stevens

Monday 21 May 2018

Video: SpiderMonkey Output Options

Filed under: My Software — Didier Stevens @ 10:43

I created a video to illustrate the new features of my modified SpiderMonkey version:

Tuesday 8 May 2018

Update: base64dump.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

During last week’s private maldoc training, I got the idea to update base64dump with 2 extra encodings, and add YARA support.

The new encodings are “bx = backslash hexadecimal” like \x90\x90… and “ah = ampersand hexadecimal” like &H90&H90…

Support for YARA rules is identical to my other tools, like oledump.

In this example, I use a YARA rule to detect hex-encoded PE files:

 

base64dump_V0_0_9.zip (https)
MD5: 4CF9F57AD34CC728B05F1307219864BB
SHA256: 01264F82CEFB7B1D2DF51A8DB190840FE6C368C9C3D63566CF14CE4983F73D5A

Sunday 6 May 2018

Update: oledump.py Version 0.0.34

Filed under: My Software,Update — Didier Stevens @ 17:05

Often when I provide training, I get new ideas. This week’s private maldoc training was no different: here’s a new version of oledump with changes inspired by this training.

When you select a stream with a prefix, like A3, you no longer have to type the prefix if it’s A (e.g. the first embedded OLE file).

And I have a new plugin for encrypted documents (plugin_office_crypto.py), more on this in an upcoming blogpost.

oledump_V0_0_34.zip (https)
MD5: 1BE4E08DE1B1E73D5808AECE1BD09852
SHA256: 74F1B05E50D2AF8072505587438BB8959F174BAF76ED6255116E806642E6C4B0

Tuesday 1 May 2018

Overview of Content Published In April

Filed under: Announcement — Didier Stevens @ 8:23

Here is an overview of content I published in April:

Blog posts:

YouTube videos:

SANS ISC Diary entries:

NVISO Blog posts:

Blog at WordPress.com.