Blog posts:
- New Tool: cs-extract-key.py
- Update: 1768.py Version 0.0.9
- Update: cs-decrypt-metadata.py Version 0.0.2
- Update: 1768.py Version 0.0.10
- Update: base64dump.py Version 0.0.18
- Update: cs-decrypt-metadata.py Version 0.0.3
- New tool: cs-analyze-processdump.py
- New Tool: cs-parse-traffic.py
- Update: cs-extract-key.py Version 0.0.3
- Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
- Decrypting Cobalt Strike Metadata Without and With Malleable C2 Instructions
- Obfuscated Maldoc: Reversed BASE64
- YARA Rules for Office Maldocs
- Decrypting Cobalt Strike Traffic With a “Leaked” Private Key
- Sysinternals: Autoruns and Sysmon updates
- Video: Phishing ZIP With Malformed Filename
- Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
- Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
- Obfuscated Maldoc: Reversed BASE64
- Video: Obfuscated Maldoc: Reversed BASE64
- External Email System FBI Compromised: Sending Out Fake Warnings
- Backdooring PAM
- Simple YARA Rules for Office Maldocs
- YARA Rule for OOXML Maldocs: Less False Positives
- YARA’s Private Strings
- Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis
- Video: YARA Rules for Office Maldocs
- Wireshark 3.6.0 Released