This new version of base64dump adds decoding of netbios name encoding with lowercase letters.
base64dump_V0_0_21.zip (http)MD5: 5701B6D9691E366ED5E2EE6D06689012
SHA256: BE939E0225C83319A31A096DA29C1CA9D3C575DCCE9C1795814B335BD0871E92
Sunday 15 May 2022
Update: base64dump.py Version 0.0.21
MD5: 5701B6D9691E366ED5E2EE6D06689012
SHA256: BE939E0225C83319A31A096DA29C1CA9D3C575DCCE9C1795814B335BD0871E92
Saturday 14 May 2022
Update: oledump.py Version 0.0.67
This new version of oledump.py brings support for user defined properties and an update to plugin plugin_msg_summary.py
Office documents with VSTO applications have user defined properties. These properties can be extracted with my plugin plugin_medata.py, but not with the current version of olefile.
However, the development version of olefile can be used to extract these properties. This new version of oledump checks if the olefile module has a function to extract user defined properties (get_userdefined_properties), and if it does, it calls it when analyzing metadata:
I added URL extracting to my plugin plugin_msg_summary, a plugin to summarize the content of an .msg file (Outlook email).
MD5: D6D1748A98AEA3D922D99415E908C609
SHA256: 092A2EA0FBB67357FC5E4D7B8E266B52EA242C147609FD025616754EAA2532E1
Friday 13 May 2022
Update: zipdump.py Version 0.0.22
This is just a bugfix version.
zipdump_v0_0_22.zip (http)MD5: 68F9F3809E4E1F9ADE4A4C3835CDF475
SHA256: 92ED372579001C826D5AF31615B8334CC798FF2DA4AF8B7C46267BF7D995C757
Sunday 8 May 2022
Update: cs-parse-traffic.py Version 0.0.5
In this update for cs-parse-traffic.py, my tool to decrypt & parse Cobalt Strike traffic, I added some error handling.
cs-parse-traffic_V0_0_5.zip (http)MD5: CFF6D97E816B23065F051D91B0F101A6
SHA256: 69763EB4D3A163824B417A0E23131B318F5E97198F255ECE449A65D4360C6302
Thursday 5 May 2022
Update: oledump.py Version 0.0.66
This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject to decode and display the password for plaintext passwords:
MD5: 20D89F0477ED7B533C2B0C6D27EC4255
SHA256: F67051EF2FA3FD42206C5ADFAC807C94ECD5F7F0F6427433B366217F675D3195
Sunday 1 May 2022
Overview of Content Published in April
Here is an overview of content I published in April:
Blog posts:
- Power Consumption Of A Philips Hue lamp In Off State
- .ISO Files With Office Maldocs & Protected View in Office 2019 and 2021
- New Tool: myjson-filter.py
- Update: cut-bytes.py Version 0.0.14
- Update: 1768.py Version 0.0.13
- New Tool: pngdump.py (Beta)
- Update: re-search.py Version 0.0.19
- Update: oledump.py Version 0.0.65
- Quickpost: Machine Code Infinite Loop
- curl 7.82.0 Adds –json Option
- jo
- Method For String Extraction Filtering
- Video: Method For String Extraction Filtering
- Office Protects You From Malicious ISO Files
- Video: Office Protects You From Malicious ISO Files
- Sysmon’s RegistryEvent (Value Set)
- Analyzing a Phishing Word Document
- YARA 4.2.1 Released
Didier Stevens 