Didier Stevens

Wednesday 30 March 2022

New Tool: xlsbdump.py

Filed under: My Software — Didier Stevens @ 0:00

This is a new tool to parse XLSB files.

It is still in beta.
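As an added illustration of what parsing an XLSB file involves (this is example code written for this page, not the code of xlsbdump.py): an .xlsb workbook is a zip container, and parts such as xl/workbook.bin are streams of BIFF12 records, each starting with a 1-2 byte record id and a 1-4 byte size, both encoded 7 bits per byte with bit 7 as a continuation flag (MS-XLSB). The script below builds a constructed sample container in memory, walks the records of one part, and refuses truncated or over-long headers, which is the check an analyst wants when triaging a malformed workbook. The record ids used for the sample (BrtBeginBook 0x0083, BrtEndBook 0x0084) are taken from MS-XLSB; the filler id 0x0001 and all payload bytes are made up for the sample.

```python
import io
import zipfile

# BIFF12 record ids from MS-XLSB used only to build the constructed sample;
# the parser itself does not depend on record names.
BRT_BEGIN_BOOK = 0x0083
BRT_END_BOOK = 0x0084


def _read_varint(data, pos, max_bytes):
    """Read a 7-bits-per-byte little-endian integer starting at pos.
    Bit 7 of each byte set means another byte follows. Returns (value, new_pos)."""
    value = 0
    for i in range(max_bytes):
        if pos >= len(data):
            raise ValueError("truncated record header at offset %d" % pos)
        b = data[pos]
        pos += 1
        value |= (b & 0x7F) << (7 * i)
        if not b & 0x80:
            return value, pos
    raise ValueError("header field longer than %d bytes at offset %d" % (max_bytes, pos))


def _write_varint(value):
    """Inverse of _read_varint: emit the shortest continuation-bit encoding of value."""
    out = bytearray()
    while True:
        b = value & 0x7F
        value >>= 7
        if value:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def encode_record(rid, payload):
    """Serialize one BIFF12 record: record id (1-2 bytes), size (1-4 bytes), payload."""
    return _write_varint(rid) + _write_varint(len(payload)) + payload


def parse_records(data):
    """Return [(record_id, payload), ...] for a BIFF12 binary part such as xl/workbook.bin.
    Raises ValueError on a truncated header or a record that runs past the end of the part."""
    records = []
    pos = 0
    while pos < len(data):
        rid, pos = _read_varint(data, pos, 2)   # record id: at most 2 bytes
        size, pos = _read_varint(data, pos, 4)  # record size: at most 4 bytes
        if pos + size > len(data):
            raise ValueError("record 0x%04X at offset %d runs past end of part" % (rid, pos))
        records.append((rid, data[pos:pos + size]))
        pos += size
    return records


def build_sample_xlsb():
    """Constructed, minimal .xlsb container for the example: a zip holding one
    binary part, xl/workbook.bin, with three records. Not a real workbook."""
    part = (encode_record(BRT_BEGIN_BOOK, b"")
            + encode_record(0x0001, b"A" * 200)   # filler record; 200 forces a 2-byte size field
            + encode_record(BRT_END_BOOK, b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.bin", part)
    return buf.getvalue()


def dump_xlsb(xlsb_bytes, part_name="xl/workbook.bin"):
    """Open the zip container, read one binary part and return [(record_id, payload_length), ...]."""
    with zipfile.ZipFile(io.BytesIO(xlsb_bytes)) as zf:
        data = zf.read(part_name)
    return [(rid, len(payload)) for rid, payload in parse_records(data)]


if __name__ == "__main__":
    for rid, size in dump_xlsb(build_sample_xlsb()):
        print("record 0x%04X  size %d" % (rid, size))
```

To run it against a real file, replace `build_sample_xlsb()` with the bytes of the workbook and pass the part you want (sheet parts live under xl/worksheets/). Decoding record payloads into cells, formulas or names is a separate step per record type and is not shown here.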

2 Comments »

  1. Sorry to ask about Cobalt Strike:

    https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/

    Is it possible to distinguish Crooks and Red-Teams with the Trial/License or the Watermark field?

    The domain or the “from_IP” is the C2 Server?

    $File = 'c:\users\[user]\downloads\beacons-2022.jsonl'
    $Cobalt = get-content $File | ConvertFrom-Json

    $Cobalt.domains
    $Cobalt.collected_from_ip
    $Cobalt.org

    Comment by A. No — Wednesday 30 March 2022 @ 11:15

  2. I do not mind answering your questions about Cobalt Strike. But can you please post them under a related blog post or page? Having a discussion about CS under an Excel file format tool can be very confusing for other readers.
    So please post your question under a related post, for example my latest 1768.py post. And I’ll happily answer it there, and then remove this comment. Thanks.

    Comment by Didier Stevens — Sunday 3 April 2022 @ 15:14

