Didier Stevens

Friday 31 May 2019

Update: hex-to-bin.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 10:47

This new version comes with option -a to parse ASCII/hexdumps as produced by my tools.

Option -s can be used to select another hexadecimal/ASCII dump than the first one (for example, -s 2 to select the second dump).

Option -l (list) can be used to produce an overview of all hexadecimal/ASCII dumps found in the input, together with an index number to be used with option -s.

hex-to-bin_V0_0_2.zip (https)
MD5: 4F415E4117EC497C52E244A7087E36B9
SHA256: D283C312CC169419BC16D9199F5EC850D5D7565B9FDB272CA5236F97EDAD22C3

Saturday 1 June 2019

Overview of Content Published in May

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in May:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog posts:

Saturday 20 April 2019

Extracting “Stack Strings” from Shellcode

Filed under: Malware,My Software,Reverse Engineering — Didier Stevens @ 0:00

A couple of years ago, I wrote a Python script to enhance Radare2 listings: the script extract strings from stack frame instructions.

Recently, I combined my tools to achieve the same without a 32-bit disassembler: I extract the strings directly from the binary shellcode.

What I’m looking for is sequences of instructions like this: mov dword [ebp – 0x10], 0x61626364. In 32-bit code, that’s C7 45 followed by one byte (offset operand) and 4 bytes (value operand).

Or: C7 45 10 64 63 62 61. I can write a regular expression for this instruction, and use my tool re-search.py to extract it from the binary shellcode. I want at least 2 consecutive mov … instructions: {2,}.

I’m using option -f because I want to process a binary file (re-search.py expects text files by default).

And I’m using option -x to produce hexadecimal output (to simplify further processing).

I want to get rid of the bytes for the instruction and the offset operand. I do this with sed:

I could convert this back to text with my tool hex-to-bin.py:

But that’s not ideal, because now all characters are merged into a single line.

My tool python-per-line.py gives a better result by processing this hexadecimal input line per line:

Remark that I also use function repr to escape unprintable characters like 00.

This output provides a good overview of all API functions called by this shellcode.

If you take a close look, you’ll notice that the last strings are incomplete: that’s because they are missing one or two characters, and these are put on the stack with another mov instruction for single or double bytes. I can accommodate my regular expression to take these instructions into account:

This is the complete command:

re-search.py -x -f "(?:\xC7\x45.....){2,}(?:(?:\xC6\x45..)|(?:\x66\xC7\x45...))?" shellcode.bin.vir | sed "s/66c745..//g" | sed "s/c[67]45..//g" | python-per-line.py -e "import binascii" "repr(binascii.a2b_hex(line))"

Thursday 7 January 2016

BlackEnergy .XLS Dropper

Filed under: maldoc,Malware — Didier Stevens @ 0:00

I’m providing a 2-day training at Brucon Spring Training 2016: “Analysing Malicious Documents“.

I analyzed the spreadsheet (97b7577d13cf5e3bf39cbe6d3f0a7732) used in the recent BlackEnergy attacks against Ukrainian news media and electric industry.

numbers-to-hex_V0_0_1.zip (https)
MD5: 9050768633DDADF34900DAB0061F3B24
SHA256: 00B099F3939251F2027F2705AD08AE352C0FC447C86EB3271721FB2935CF71B6

hex-to-bin_V0_0_1.zip (https)
MD5: 18FC870888B333D8B081CE3E31428A1B
SHA256: 17B4257C6951C792FFE64EDDDFF20674AD07DE2699EF066BDF7A548DA09E6592

Thursday 3 February 2011

My Software

Filed under: — Didier Stevens @ 12:51

This list is a work in progress (i.e. it will never be completely up-to-date). It will list all my published software with cross-referenced blogposts.

I try to update it on a monthly basis (last update 2019/05/31).

If you get errors running one of my programs, read this first.

Applications:
AnalyzePESig: Analyze digital signature of PE file
apc-b: Send beacon frames with AirPcap
apc-channel: AirPcap channel hopper
apc-pr-log: AirPcap probe requests logger
Ariad: Tool (driver) to prevent inserted USB sticks from executing code
avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file
base64dump: Extract base64 strings from file
BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)
bpmtk: Basic Process Manipulation Tool Kit
BruteForceEnigma: C# program to bruteforce ENIGMA encoded text
byte-stats: Calculate byte statistics
CASToggle: Utility providing more control over .NET CAS enforcement
Challenger: Small program for simple reverse-engineering challenges
cipher-tool: tool to encode and decode with simple ciphers
cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device
ClipboardTransformer: Clipboard utility
cmd-dll: ReactOS cmd.exe transformed into a dll
count: count unique items
CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest
CreateCertGUI: Generate your own OpenSSL certificate
cut-bytes: Cut a section of bytes out of a file
decode-vbe: Decode VBE files
decompress_rtf: Tool to decompress compressed RTF
defuzzer: Generate the original file by combining fuzzed files.
disinformational-tweets: Python program to Tweet (obsolete)
disitool: Tool to work with Windows executables digital signatures
DumpStrings: 010 Editor Script to dump strings (integrated since version 4)
EICARgen: Program to generate an EICAR file (EICAR AV test file)
emldump: Analyze MIME files
EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)
extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file
file-magic: Essentialy a wrapper for file (libmagic)
file2vbscript: Embeds executable into vbscript script
FileGen: Command-line program to create test files of different lengths
FileScanner: Tool to scan files for patterns
find-file-in-file: Check if a file is embedded inside another file, even non-contiguous
format-bytes: This is essentialy a wrapper for the struct module
fuzzer: 010 Editor Script implementing a simple fuzzer
hash: This is essentialy a wrapper for the hashlib module
headtail: Output head and tail of input
HeapLocker: Process hardening tool, a bit like EMET, but open source
hex-to-bin: convert hexadecimal to binary
InstalledPrograms: List installed programs with Excel/VBA
InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”
jpegdump: JPEG file analysis tool
js-1.5-mod: SpiderMonkey JavaScript interpreter modifications
js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications
js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript
js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes
keihash: Calculate SSH Key Exchange Init (KEI) hash: KEIHash
ListModules: Analyze digital signature of all executables in processes
ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI
LNKTemplate: 010 Editor Template for LNK file format
LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key
LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer
lookup-tools: IP-address and hosts lookup tools
LowerMyRights: Restricts the rights of an existing process
make-pdf: Set of Python programs to generate all kinds of PDF files
md5_authenticode: MD5 Authenticode collision PoC
MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer
MovingXORSelection: 010 Editor Script to perform a moving XOR of the current selection
msoffcrypto-crack: Crack MS Office document password
my-shellcode: My shellcode collection
MyEFSService: PoC for Malicious Cryptography blogpost
MySafeModeService: PoC for Playing with Safe Mode blogpost
NAFT: Network Appliance Forensic Toolkit
NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA
NewPasswordStats: Password auditing password filter
nmap-xml-script-output: nmap xml script output parser
nocalcpoc: No calc PoC
nsrl: NSRL tool
numbers-to-hex: convert decimal numbers into hex numbers
numbers-to-string: convert numbers into a string
oledump: Analyze OLE files (Compound Binary Files)
OllyStepNSearch: Plugin for OllyDbg
password-history-analysis: Program to analyze password history
Paste: paste does the opposite of clip, read the clipboard and write it to stdout
pcap-rename: program to rename pcap files with a timestamp
pdf-parser: PDF analysis program
pdfid: PDF triage program
PDFTemplate: 010 Editor Template for PDF file format
pecheck: wrapper for pefile
peid-userdb-to-yara-rules: Convert PeID userdb to YARA rules
PFTemplate: 010 Editor Template for PF file format
psurveil: Photo Surveillance for N800
python-per-line: Program to evaluate a Python expression for each line in the provided text file(s)
re-search: Program to use Python’s re.findall on files
regedit-dll: ReactOS regedit.exe transformed into a dll
rtfdump: Analyze RTF files
RTStego: Rainbow table steganography
runasil: Launches program with a low integrity level
RunInsideLimitedJob: Start program and run it inside a limited job
SE_ASLR: Force ASLR on Windows Explorer Shell Extensions
search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards
SelectMyParent: Launch a program and select its parent
SendtoCLI: GUI tool for CLI commands
setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable
sets: Set operations on 2 files: union, intersection, subtraction, exclusive or
shellcode2vba: Convert shellcode to VBA
shellcode2vbscript: Convert shellcode to VBA
ShellCodeLibLoader: ShellCode With a C-Compiler
ShellCodeMemoryModule: Generates DLL-loading shellcode from memory
shift: 010 Editor Script to shift bytes in a file or selection
simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)
SimpleEncoder: 010 Editor Script to encode current selection by shifting characters
split: Split a text file into X number of files (2 by default)
strings: Strings command in Python
Suspender: DLL that suspends its host process
TaskManager: Windows Task Manager written in Excel/VBA
TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost
translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)
ultraedit_scripts: Collection of UltraEdit scripts
UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key
USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged-in
UserAssist: Decode the UserAssist registry data
virtualwill: HTML program to store your will
VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user
virustotal-search: Search VirusTotal for provided hashes
virustotal-submit: Submit files to VirusTotal for scanning
vs: Python program to take surveillance pictures from IP-cameras
what-is-new: Tool to monitor new items
whoami: Firefox addon to identify your profile
WMFTemplate: 010 Editor Template for WMF file format
wmi-sc: WMI script for Security Center data
wsrradial: wi-spy radial WiFi plotting tool
wsrtool: wi-spy wsr files tool
xmldump: This is essentially a wrapper for xml.etree.ElementTree
xor-kpa: XOR known-plaintext attack
XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string
XORSelection: 010 Editor Script to encode current selection with XOR
XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings
zipdump: ZIP dump utility
ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP


AnalyzePESig: Analyze digital signature of PE file
AnalyzePESig_V0_0_0_1.zip (https)
MD5: 4BE29E4A5DE470C6040241FD069010C4
SHA256: FB83C6491690402273D42A3335777E77EA29328F5FE8503FF6F5EF62833D1FBC
Referenced in post(s):
Searching For That Adobe Cert

AnalyzePESig_V0_0_0_2.zip (https)
MD5: 738F97F76921FA2220368B3F4190F534
SHA256: E0D43E04AFD242307E3E6B675A650952D2605F45FE55F0B883ACF5B22BA32A01
Referenced in post(s):
Update: AnalyzePESig Version 0.0.0.2

AnalyzePESig_V0_0_0_3.zip (https)
MD5: C012D41535CC570F3C4947FDA9559489
SHA256: 3C26F3BEA2B20AA65F2384AC8B709AB7C0D9A51ED544987C9932994536884BD7

AnalyzePESig_V0_0_0_4.zip (https)
MD5: 3E90FFE0C9D42A16EB7903CE0C27B778
SHA256: 6953C838F9710E8ED0E28D7F062D89B0381BACB162C8C09D192E83BD745789B6

AnalyzePESig_V0_0_0_5.zip (https)
MD5: EC65D3F269445B7E876F232CE5C57A16
SHA256: 897EE65C741D2FEEF23C512FE43D9E477F9CAB0B338078703F8D860257D0C437
Referenced in post(s):
Authenticode Tools


apc-b: Send beacon frames with AirPcap
apc-b_v0_1_1.zip (https)
MD5: 9FC457B8CC646BEA2BC6E28AB8E43376
SHA256: 45B6F92362EBEC877F04D92C38E4362187410855DCB6C913771B055BDFC338F8
Referenced in post(s):
Quickpost: Sending WiFi Beacon Frames with an AirPcap Adapter

apc-b_v0_2_0.zip (https)
MD5: 849DE418A1F325B9DC133DBE2E7CC501
SHA256: C3F28DCEFE6FF747780E384E49BB4D373BC983518C592E1BB18E8455F78E7F95
Referenced in post(s):
_nomap, _nomap, _nomap, …


apc-channel: AirPcap channel hopper
apc-channel_v0_1.zip (https)
MD5: DB385401E39C0FB0C8278DE9D76E6A14
SHA256: 09E6A7DE54B339CA8EACBBD7A944214CA0FD466B93CFAA818B38D2AD30551C2B
Referenced in post(s):
Quickpost: WiFi Channel Hopping with an AirPcap Adapter

apc-channel_v0_2.zip (https)
MD5: 52169F5CB679E6C0DF1F8D47DA38F779
SHA256: 59F4BEE229F5EF5B7AF27BAF6AA972DCDC9E6A6007E8E468AE7BC7C3F1CB89DD
Referenced in post(s):
AirPcap Channel Hopping With Python


apc-pr-log: AirPcap probe requests logger
apc-pr-log_v0_1.zip (https)
MD5: 63C0F6F130DC186925BE1B9A66152455
SHA256: CC9D3EFE893BE6F6C263D248C695DFAB08548AE246E1772C2EBF220EB43F7277
Referenced in post(s):
Quickpost: WiFi Probe Request Logging with an AirPcap Adapter


Ariad: Tool (driver) to prevent inserted USB sticks from executing code
Ariad_V0_0_0_1.zip (https)
MD5: 31FC46BBE3216413848C146899F08C07
SHA256: ADA979C5F2D1FA414EF834191289CF819810131516E913DBCD82132E519A24D2

Ariad_V0_0_0_2.zip (https)
MD5: B828254F54132BD9C61D7EA0E4646983
SHA256: 98AB541AC1F392159A4428BC23C48153CE784FED0A44E950CC45D2DF14738708

Ariad_V0_0_0_7.zip (https)
MD5: A1F48BF9568A19E4344CE872A7B433DD
SHA256: 7CF8D0F47C44D4AF58C8B13B488189D2CFC63B47139C634FF06114C0C9DFD3DC

Ariad_V0_0_0_8.zip (https)
MD5: B8E46212CA56B7BD056BA30E84DF8596
SHA256: 99620D77B23C21BC1C020352C5E9CCC467A4C450E0C69AA6FFBCE7227063964C
Referenced in post(s):
Ariad

Ariad_V0_0_0_9.zip (https)
MD5: C41EFF12D1C454595C5F8B8EBB09DA69
SHA256: DC0F40BA397E19FDFED67E287E0CF24FB55314B9760477D3783D492043FFF698
Referenced in post(s):
Ariad


avr-teensy-pdf-dropper: WinAVR PoC to program Teensy to drop PDF file
avr-teensy-pdf-dropper_V0_0_0_1.zip (https)
MD5: EA14100A1BEDA4614D1AE9DE0F71B747
SHA256: 2C9A5DF1831B564D82548C72F1050737BCF17E5A25DCDC41D7FA4EA446A8FDED
Referenced in post(s):
Teensy PDF Dropper Part 2


base64dump: Extract base64 strings from file
base64dump_V0_0_1.zip (https)
MD5: 350C12F677E08030E0DD95339AC3604D
SHA256: 1F8156B43C8B52B7E5620B7A8CD19CFB48F42972E8625994603DDA47E07C9B35
Referenced in post(s):
base64dump.py Version 0.0.1

base64dump_V0_0_10.zip (https)
MD5: 6670ACD88FD384BA9172F2B98E72D0D4
SHA256: C080F2A5F60A8E9593AE789A69D233EFC86AEF9BD319C409229B3E518E15C725
Referenced in post(s):
Update: base64dump.py Version 0.0.10

base64dump_V0_0_11.zip (https)
MD5: BF9D9EB3E6D574633D7F85345213E3E8
SHA256: 2741F9C3FD7B0897A04F60C741D7125568C8355A82FCF0FD4BB80877EE7FB935
Referenced in post(s):
Update: base64dump.py Version 0.0.11

base64dump_V0_0_2.zip (https)
MD5: EE032FAB256D44B2907EAA716AD812C5
SHA256: 1E5801DD71C0FFA9CA90D2803B46275662E222D874E409FF31F83B21E6DEC080
Referenced in post(s):
Update: base64dump.py Version 0.0.2

base64dump_V0_0_3.zip (https)
MD5: CF214FDFE9B83E39DC8484C137050569
SHA256: 4F1B2764CCD40E0276FFC3F81E3C0B55E4C844D469C4E313A99FB13F0B5621C0
Referenced in post(s):
Update: base64dump.py Version 0.0.3

base64dump_V0_0_4.zip (https)
MD5: 5864B1AF997EBA6E5F6DD0C3B8ADBE56
SHA256: 1B01023A97361A9DBBB16B9D8851FFD757F03FA3964C0ED72067F9117F283992
Referenced in post(s):
Update: base64dump.py Version 0.0.4

base64dump_V0_0_5.zip (https)
MD5: 7AACFD3E34FEAAF41897F60FBC5279A3
SHA256: B4AB7B3A9D2947F08C6CC94F88CD825C9B2B63EE65AF7475E66BE9565EC4337A
Referenced in post(s):
Update: base64dump.py Version 0.0.5

base64dump_V0_0_6.zip (https)
MD5: CDC956FAFD7AC2A86C9CD40EC188C7FC
SHA256: BFBCFA51DDC47793C8CA397B261E036701543610F637CE8813BC5870FC4B2C2F
Referenced in post(s):
Update: base64dump.py Version 0.0.6

base64dump_V0_0_7.zip (https)
MD5: D37DE7CEFDA55ADD1822EADDD84D5FFB
SHA256: 5F676DF8B36172A1D7B29F03E2B0CCB026BB9A96DF8830FDB137E65CBB59DD63
Referenced in post(s):
Update; base64dump.py Version 0.0.7

base64dump_V0_0_8.zip (https)
MD5: 1B379A08FBC6E7686A89AF099699B076
SHA256: A81AE1AACCB168787CAF6355D582BB5096760893F5CB60E93E408A0475B4FDAC
Referenced in post(s):
Update: base64dump.py Version 0.0.8

base64dump_V0_0_9.zip (https)
MD5: 4CF9F57AD34CC728B05F1307219864BB
SHA256: 01264F82CEFB7B1D2DF51A8DB190840FE6C368C9C3D63566CF14CE4983F73D5A
Referenced in post(s):
Update: base64dump.py Version 0.0.9


BinaryTools: simple binary tools: reverse (reverses a file) and middle (extract sequence from file)
BinaryTools.zip (https)
MD5: 7A70F0E6A6F89550E0B65BE5611339F8
SHA256: 26A03D0B3E8CDE768976D006F1C187E5B0EF3BB51663403964BDEDF4C606E9CB
Referenced in post(s):
Binary Tools


bpmtk: Basic Process Manipulation Tool Kit
bpmtk_v0_1_1_1.zip (https)
MD5: E33F7F95B409E1A0B65766821F7E26F5
SHA256: 8C0E5A04B0F5909462505582873A34AAEA5B6DC8469D3784FEAE7E9FBD349EFA

bpmtk_v0_1_2_0.zip (https)
MD5: 6ABDF2E69F153E8C6282C2DD934735DF
SHA256: 9F3328AD39F318A7F61071EC0C9341C6228B02E9F91F035E6EA8769EF27D3A34

bpmtk_v0_1_3_0.zip (https)
MD5: ECC621E653BCC32694B56AEBDABE6140
SHA256: E39C04C3CF35B8642255CF03E4185490C0FB6A0AEDBD73551E2851A0E5E5069B

bpmtk_v0_1_4_0.zip (https)
MD5: 1BF31C6885326C3C7A1B37C42E9F9DFA
SHA256: 5DF5AFDB93F19974CCDCCEFADAE52A3277AAA31FC24DCAAE6259F9DB9DA865C1

bpmtk_V0_1_5_0.zip (https)
MD5: 3F24041EE1C5C681D3EB3E7481ABC776
SHA256: B08233F9EBC541676B0807FEA7075D324ACC7B1679B130AEE8556DFD797B5EC2
Referenced in post(s):
bpmtk: Injecting VBScript

bpmtk_V0_1_6_0.zip (https)
MD5: FD4DA1B404961E6DB45469A27A201F41
SHA256: 5667AD1D153C5F93E509042D94491654AB742C6880DFE10366CA44E8D7EFE0D1
Referenced in post(s):
Update: bpmtk with hook-createprocess.dll


BruteForceEnigma: C# program to bruteforce ENIGMA encoded text
BruteForceEnigma.zip (https)
MD5: A9FEBBABA207E7C3790D075FD3A3D22B
SHA256: DE15922575F3F5BC56F7528F7F8C7F33D70B3163A2B33B503CA8B7C3BC4492E8
Referenced in post(s):
Brute Forcing Enigma


byte-stats: Calculate byte statistics
byte-stats_V0_0_1.zip (https)
MD5: A884E999B58A54A1C2F83C8E592CD01B
SHA256: B9D55B02534F1B1C158CE9CB067F4E5B37E47FA2A6CA4677F0E29DD3A160731E

byte-stats_V0_0_2.zip (https)
MD5: E7225860207EB93F2F6C2A808C7FA720
SHA256: FD1D733B4DAC1B7FFAB5B6279619D8B97A76049C86C110DCFB5C3EDFA53F328D

byte-stats_V0_0_3.zip (https)
MD5: 4287A94EC56E0BF5A936C2A16DA7F2B4
SHA256: 310B15865B332FF62F2C70CE441D322491DB79BC5D1C8D8BBC9A7245005491B5
Referenced in post(s):
byte-stats.py

byte-stats_V0_0_4.zip (https)
MD5: B53CE5444618DCA78C46C7F72E356D8D
SHA256: 81EFED375FF666BFFDDB82D094ECE17074182F5016FE3BFA4D1CA33DE838754C
Referenced in post(s):
Update: byte_stats.py Version 0.0.4

byte-stats_V0_0_5.zip (https)
MD5: B79C6DF0964C9BA676D88E2085ACF037
SHA256: B9112274BD757FB3311883B0CF179ABDEC149C421EFEB335D70AF972495A5C20
Referenced in post(s):
Update: byte-stats.py Version 0.0.5

byte-stats_V0_0_6.zip (https)
MD5: CA729FF05E314A9CF5C348CB4A720F13
SHA256: 11E41F51EC9911741D71C8BC3278FA22AADBD865F2BF7BE4E73E82A7736A8FA8
Referenced in post(s):
Update: byte-stats.py Version 0.0.6

byte-stats_V0_0_7.zip (https)
MD5: 9991B5C5BEB3CB7989FE6DC30789EB49
SHA256: 82198195EA9C92832027CC8E2E3ABE161787551A06750E042096CF2DF0AC9384
Referenced in post(s):
Update: byte-stats.py Version 0.0.7


CASToggle: Utility providing more control over .NET CAS enforcement
CASToggle_V0_1_1_0.zip (https)
MD5: D565937B49DF96E6A8B88FEDCF15D82A
SHA256: 6DC6913136C74592C4833D1EEF5D70B4DA83AA9A111BC8DE6DDF16A709EF7E91
Referenced in post(s):
CASToggle


Challenger: Small program for simple reverse-engineering challenges
Challenger_V1_0_0.zip (https)
MD5: FC71CAA3F99CB6EE9094098D60B7E4C3
SHA256: 9CBE129AC7161B12FAE4A65078159350624703CB8A4604F63694322064A2962C
Referenced in post(s):
Challenger


cipher-tool: tool to encode and decode with simple ciphers
cipher-tool_V0_0_1.zip (https)
MD5: B7D44090A76F66D7194D0A0D890E2CEB
SHA256: 1E8E1F112595FC08C3C20A06D172C21DDE6375EC8651A8DE6EF57B938F3E67E8
Referenced in post(s):
Simple Ciphers: cipher-tool.py


cisco-calculate-ssh-fingerprint: Calculate the SSH fingerprint of a Cisco IOS device
cisco-calculate-ssh-fingerprint_V0_0_1.zip (https)
MD5: 5A6C3A2C466908EE7EFB06727E8D02B7
SHA256: 831CAF7BBF0F6C584436C42D9CEB252A089487B715ADBB81F9547EEB3ED6B0B8
Referenced in post(s):
Calculating a SSH Fingerprint From a (Cisco) Public Key

cisco-calculate-ssh-fingerprint_V0_0_2.zip (https)
MD5: C304299624F12341F9935263304F725B
SHA256: 2F2BF65E6903BE3D9ED99D06F0F38B599079CCE920222D55CC5C3D7350BD20FB
Referenced in post(s):
Update: Calculating a SSH Fingerprint From a (Cisco) Public Key


ClipboardTransformer: Clipboard utility
ClipboardTransformerBeta.zip (https)
MD5: FF653016801DA4D12F5BB852703E2D7D
SHA256: 2B9F54145F1396D7FEB259F987DA0315AB168F3FDA03EEEE5AF3BD046223AF7B

ClipboardTransformerBeta2.zip (https)
MD5: D52B3B1BF0D69F0376EA49CB1A6AC108
SHA256: 41392B9DD88B530B747CD9CC16CDC0AC724272B103D665F8BE65041C0AD86295


cmd-dll: ReactOS cmd.exe transformed into a dll
cmd-dll_v0_0_1.zip (https)
MD5: 4BC42E3744FA780C5C2442F7836B8287
SHA256: BC7656E52476387650E2894C6D3952807BED5D3BFCFCCC4516B44A60DBDB3563
Referenced in post(s):
cmd.dll

cmd-dll_v0_0_2.zip (https)
MD5: 9B3C1FA7EB7F7F8528D27CE2DD5C24B5
SHA256: 83D6397F4D75195C73394075522C1E7F5C96E1F3B5C4E70DAED34955C8B613C7
Referenced in post(s):
Excel with cmd.dll & regedit.dll

cmd-dll_v0_0_3.zip (https)
MD5: 88FB19DCB612F588CAF7508232F64DDE
SHA256: 111458061018D9133347D56CE9E58ADBC7CA167AD69E04F8036DFD5008ADEA99

cmd-dll_v0_0_4.zip (https)
MD5: D9D75A10F2C328B708303F9BD24B9AD3
SHA256: 952CFB833D4F22093D7DF837372239A1199C1738FFFFED76124AF8668F4D3877
Referenced in post(s):
Windows Backup Privilege: CMD.EXE


count: count unique items
count_v0_1_0.zip (https)
MD5: B96B5ECF9361D44D9366071C9C07FF86
SHA256: 102F346529F34C0EF932ADC3D3CF003ADBA2DFCD8BCE23DBF36425A555345DB5

count_v0_2_0.zip (https)
MD5: ACF1982045ABEF86FCDBA87A84F5F588
SHA256: 373DDA0B2C176624998B5907261477943F677855CCECCDD42D6BEB758F8E7B79
Referenced in post(s):
Update: count.py Version 0.2.0


CounterHeapSpray: Process hardening tool, my PoC for Microsoft BlueHat Prize Contest
CounterHeapSpray.zip (https)
MD5: 1947380F935AE0B1A8828DE79621F82F
SHA256: CA0BF635655EE05ABED117C858BC86ECDF3EBB4C39544D7D0C396D7C457F1BBC
Referenced in post(s):
My BlueHat Prize Entry: CounterHeapSpray


CreateCertGUI: Generate your own OpenSSL certificate
CreateCertGUI_source_V1_0_0_1.zip (https)
MD5: 790CA083407032434A8DA1FF8AC1E512
SHA256: B15BB8A3504EF56D1C6C84CA181FFB6E5A73956EC79757C62B87B520C136AA2D
Referenced in post(s):
Howto CreateCertGUI: Create Your Own Certificate On Windows (OpenSSL Library)

CreateCertGUI_V1_0_0_1.zip (https)
MD5: F5400736E7E38F30D35A02FEB6D99651
SHA256: 82D59AC494FEF1A8B219C591717359712C19E8845D02A457017045A9A4C3D989
Referenced in post(s):
Howto CreateCertGUI: Create Your Own Certificate On Windows (OpenSSL Library)


cut-bytes: Cut a section of bytes out of a file
cut-bytes_V0_0_1.zip (https)
MD5: 48CEBD6748E152CBF619EF10B58E8DFF
SHA256: E99BC09DA0F1310085ED1520D52FB188D06456D030BD05A941FCE2B5FE21A661
Referenced in post(s):
cut-bytes.py

cut-bytes_V0_0_2.zip (https)
MD5: B70F851CE74859B38AC3ABA9688593EB
SHA256: 1A0BD64334DA90B21888020B383004A18C3BAEE211D24AA91FF12719F8581AE9
Referenced in post(s):
Update: cut-bytes.py Version 0.0.2

cut-bytes_V0_0_3.zip (https)
MD5: 211B96F715FD6AB4696D6E58D6DA924D
SHA256: 9D5D38AF1375FFBDE705280F99758FF4C7D9751B81C46D80681740C43D6B94C6
Referenced in post(s):
Update: cut-bytes.py Version 0.0.3

cut-bytes_V0_0_4.zip (https)
MD5: A44D8BBE9BAB9309E732F8995CB5C7BB
SHA256: F95453DE1CC5855C320AB947D9AE354BE8E3ABFA52418C0CF623351A9DBF6344
Referenced in post(s):
Update: cut-bytes.py Version 0.0.4

cut-bytes_V0_0_5.zip (https)
MD5: B20B9758D50C846CD0E0AEB9E0B15101
SHA256: B12D1E1C510ED4CC820C5D2F62897DF71E567B0D3B23AC36653236D30104157F
Referenced in post(s):
Update: cut-bytes.py Version 0.0.5

cut-bytes_V0_0_6.zip (https)
MD5: 7F726219F6F601018B4BD39E9A407728
SHA256: BFD80EF00455CD938A05A18EAA33551ABEC6B0298A0AEE81052E6F5A12BB86F7
Referenced in post(s):
Update: cut-bytes.py Version 0.0.6

cut-bytes_V0_0_7.zip (https)
MD5: 95CF8E5D2BC2790B25101FC2BFF769FB
SHA256: F1112C96872D15C2CD3F6AF9828C7E39F5EB115D20FB62AAD1C1357D75E3485B
Referenced in post(s):
Update: cut-bytes.py Version 0.0.7

cut-bytes_V0_0_8.zip (https)
MD5: 1A69542E7E9D7348101B7E91884674B7
SHA256: 15BC253323FF162F26BEF784172A502383970E63514DF6B88A09952A19DAE826
Referenced in post(s):
Update: cut-bytes.py Version 0.0.8


datapipe_V0_0_0_1.zip (https)
MD5: 5BF1594E8144B694431E7A7E3BDF33F7
SHA256: 57CD06EBFEC1C5C2661E44260A7304DFCDEEB2F54132E0627A474AF756AFA956
Referenced in post(s):
MVP – Promo – Datapipe.xls


decode-vbe: Decode VBE files
decode-vbe_V0_0_1.zip (https)
MD5: 87E61217BC77275DBACEA77B8EDF12B5
SHA256: 11A9B5D47657C123845007E3E29FB331CAE7483B6A4A3AC54276DB90116911B5
Referenced in post(s):
Decoding VBE

decode-vbe_V0_0_2.zip (https)
MD5: 35612087E2D62669E2690573FDE543F2
SHA256: 91A7465FE1F4D291751E6C5D88C51888C914B40C6F187709E33343FF121A116F
Referenced in post(s):
Update: decode-vbe.py Version 0.0.2


decompress_rtf: Tool to decompress compressed RTF
decompress_rtf_V0_0_1.zip (https)
MD5: 41127F62897479FB5135D36675C396F5
SHA256: 581F2E1B2B508C3941EC22040FB0C76999E5DF293C8AD0DC1FDE921D121F3A26
Referenced in post(s):
New tool: decompress_rtf.py


defuzzer: Generate the original file by combining fuzzed files.
defuzzer_v0_0_2.zip (https)
MD5: 75188EF950625B78937C3473D825C582
SHA256: 056AB8BA7F3B2B52F8C7BFC2959D7F1AE3FEAC4BE90C675B2DFF6B521225D93E
Referenced in post(s):
The Art Of Defuzzing


DemoDll_V0_0_0_1.zip (https)
MD5: 51ED8255B71097269BFF9B5ADBFDC392
SHA256: 599BA297705B15580A297C3F47429225C38EA9FAA4A8DF27BCE49C918964AD30
Referenced in post(s):
Quickpost: DllDemo


DemoResource_V_0_0_0_1.zip (https)
MD5: 9104DDC70264A9C2397258F292CC8FE4
SHA256: 722B3B52BAE6C675852A4AC728C08DBEEF4EC9C96F81229EF36E30FB54DC49DE
Referenced in post(s):
Quickpost: Compiling EXEs and Resources with MinGW on Kali


DidierStevensSuite.zip (https)
MD5: 83720FA560442693B3B14884DB138F7F
SHA256: 309EFEFA9752417C374901B75B1B220956AAC2C2819FCE76CE96BB5F7C6850AA
Referenced in post(s):
Didier Stevens Suite


disinformational-tweets: Python program to Tweet (obsolete)
disinformational-tweets_v0_0_1.zip (https)
MD5: 36CDB584634ED299E7ACE0D64E846003
SHA256: C5FCE76443549C3A8882B799B6F7A754EF6AEE5F11F3E94FF255EE541205C17B
Referenced in post(s):
Quickpost: Disinformational Tweets


disitool: Tool to work with Windows executables digital signatures
disitool.zip (https)
MD5: 896121FBECEF00C4DE84743A13D3E696
SHA256: AFB374E06760470D070022BD97C518808545435910CF13472398B1FA15E50B9C

disitool_v0_2.zip (https)
MD5: 4C7196F5AD581275B8B8CBC4930FF338
SHA256: 075CED9FDD633A6D0A11029107206F845AF055AFC3872E7D82801A1D83AED64F

disitool_v0_3.zip (https)
MD5: 08D1CA036DC905D8E42AB3016A1B7821
SHA256: AEF923F49E53C7C2194058F34A73B293D21448DEB7E2112819FC1B3B450347B8
Referenced in post(s):
Disitool


DumpStrings: 010 Editor Script to dump strings (integrated since version 4)
DumpStrings_V0_0_1.zip (https)
MD5: 50C0C92F28020E7BCABBF46CA8775CCE
SHA256: 7EC688DBB0FD95C828067662C9ED8BBCFFEFBE5EA37B607DC8DFA1BDCB94365C
Referenced in post(s):
DumpStrings.1sc


EICARgen: Program to generate an EICAR file (EICAR AV test file)
EICARgen_V1_1.zip (https)
MD5: EACBE699FFB0B9B56B6F2BCDBA810D6E
SHA256: 5D44B15BDE92679DF0C216D5890C7EE9345B8782D25B01324B27CACAC918EFB6

EICARgen_V2_0.zip (https)
MD5: D346A3725622F981DDA7221799EF08E8
SHA256: 2DF76319D8513B1AD70D327816D3C1028B261EF1E314243DCD0DEC14FF1FC7CE
Referenced in post(s):
EICARgen: An Arms Race

EICARgen_V2_1.zip (https)
MD5: CE65A30355B059C4A099BEC6837DF19C
SHA256: 58CF69C21FF948B77055952E2F1681467DDB100FF5D90CA268B7A701167FCD3D
Referenced in post(s):
EICARgen


emldump: Analyze MIME files
emldump_V0_0_1.zip (https)
MD5: F31810449FB83ACF687BB994270E71C8
SHA256: 83647569AEBF85337B86F30ED3C55A085268D6C3B575225FE695C7A130D9A0E7

emldump_V0_0_10.zip (https)
MD5: 34DBB3BCB1A2B04C45286C0583F11C07
SHA256: C5877E252DDB61B40BFFCC5403DB500E672DACFE96FAA7D1E0668246C5202DE5
Referenced in post(s):
Update: emldump.py Version 0.0.10

emldump_V0_0_2.zip (https)
MD5: 0EBFEC3A207B2629B702FF8D0F4F5406
SHA256: C1DC65DE5092C2F35C5EAE2E8CE38B531B8F28051195EE12B11ED8830C9B9896

emldump_V0_0_3.zip (https)
MD5: FB080006C2653F3A2AD6E889FC957D5F
SHA256: 0D55DE704BDE558B6E8E5F823C513F19F8A5FD5B2A97BB8BD5EBB5FAD18FA658
Referenced in post(s):
Release: emldump.py Version 0.0.3

emldump_V0_0_4.zip (https)
MD5: 79DF66048849439E6034F082606A37A1
SHA256: B4AFDE89B6F3B025595A6FD1ACC5F60498BF900D18E624F134F618115DAC0E08
Referenced in post(s):
Update: emldump.py Version 0.0.4

emldump_V0_0_5.zip (https)
MD5: 5FAEDF1459114306D57FEABEF3CDDEFD
SHA256: B3D08E1768E1211C44680DD502AC096A324FF209330657F4ABC0CD09B888254C
Referenced in post(s):
Update: emldump.py Version 0.0.5

emldump_V0_0_6.zip (https)
MD5: 682793840D895E473647F2A1F85A9867
SHA256: D76BADF2A332C3417BB7DD46B783CE90757DD76648D2313083982BFD74902C41
Referenced in post(s):
Update: emldump.py Version 0.0.6

emldump_V0_0_7.zip (https)
MD5: 819D4AF55F556B2AF08DCFB3F7A8C878
SHA256: D5C7C2A1DD3744CB0F50EEDFA727FF0487A32330FF5B7498349E4CB96E4AB284
Referenced in post(s):
More Obfuscated MIME Type Files

emldump_V0_0_8.zip (https)
MD5: B6FBAF2AB403AFE30F7C3D7CA166793B
SHA256: 7A7016B29F291C3D42B43D43B265DAD86B96DA519DB426163CC2D15C556896E3
Referenced in post(s):
Even More Obfuscated MIME Type Files

emldump_V0_0_9.zip (https)
MD5: 752A6F06290E2A35ACB4C564FA7D72C5
SHA256: 52CA4FB61B3B6FD9AECBA974AB73DCFA5D667086EBE7FDC84DE6F90E4DCC6853
Referenced in post(s):
Update: emldump.py Version 0.0.9


EnforcePermanentDEP: Enable permanent DEP in the loading process (Windows XP)
EnforcePermanentDEP_V0_0_0_1.zip (https)
MD5: B0A89B0CE8DC5BA2472B3D744D40E4A3
SHA256: 525BA6EF82BD2B0ABD30DAD0D676CE085A9FA6E0DE3E3A8A0ADD6DF050F5A635
Referenced in post(s):
EnforcePermanentDEP


extractscripts: Utility to check HTML file and generate a separate file for each script in the HTML file
extractscripts.zip (https)
MD5: D40AFBB62A304C20B0BF06DA70B6DBF4
SHA256: 23245B1999973E6D8619BCEDB9090CF94D7ECD3F0865B1F47402AD77B18CD356
Referenced in post(s):
ExtractScripts


file-magic: Essentialy a wrapper for file (libmagic)
file-magic_V0_0_2.zip (https)
MD5: EAE684E74731FF493D5EC5D243EB16B6
SHA256: 9B0E7B47CAED8F5627DEFCE19B737554BBF998EF380187D6DE4FC1C9572EC9ED
Referenced in post(s):
New Tool: file-magic.py

file-magic_V0_0_4.zip (https)
MD5: CCF170F09B1442D27AE6519A0BB0CBAB
SHA256: F240BAEE78C8AE4DB29724D8A8F2A5DEDEFE47570219D700FB3BB9A6707432BB
Referenced in post(s):
Update: file-magic.py Version 0.0.4


file2vbscript: Embeds executable into vbscript script
file2vbscript_v0_3.zip (https)
MD5: B6B364BE69F8B2A4D554E9196B3D5A6D
SHA256: 2091DDB9C4B9F0A7450DD7B9BF0731D4C9D38BD5B145C1B151FC2E508DEA0ADE
Referenced in post(s):
Quickpost: Embedding an Executable in a VBscript


FileGen: Command-line program to create test files of different lengths
FileGen_V1_0_0.zip (https)
MD5: 6AAAB254D4BB10AC6320C7106C04FA79
SHA256: D7BE1E64BAD8DE33EDAD6A218E0B8E4BC53E011E3B1175F05E384A63C4BF24D7
Referenced in post(s):
FileGen


FileScanner: Tool to scan files for patterns
FileScanner_V0_0_0_1.zip (https)
MD5: 9EE883A4E28A6D0649F6D7787BD76ED4
SHA256: 5AA71E6F4FED8E45A22B49FD9A0417933F7218AF9300FDEF24FEF696CF012F61
Referenced in post(s):
Introducing Filescanner.exe

FileScanner_V0_0_0_2.zip (https)
MD5: 9A89333C13DBB669A94226F57E5D919A
SHA256: 5F46312B06AE865957A36B95A4C2DDC41F20113B0E51B7F083A50929B38BD0F9
Referenced in post(s):
FileScanner.exe Part 2

FileScanner_V0_0_0_3.zip (https)
MD5: D9A7BA5874C10B10BF380D03E49C82A6
SHA256: C89FF7DBDB71A22E2A88C16ECD65E36619BD8EA39A77036404B6F4B1049D21E5
Referenced in post(s):
FileScanner.exe Part 4

FileScanner_V0_0_0_4.zip (https)
MD5: 4BB8F475328B9EB214E6B9405F84816E
SHA256: 5D3B1408C5D2BD17C0441D0D9D0DA565E8D690DE792971092956F4CA10D5A071
Referenced in post(s):
Update: FileScanner Version 0.0.0.4


find-file-in-file: Check if a file is embedded inside another file, even non-contiguous
find-file-in-file_v0_0_1.zip (https)
MD5: 2984F01404770B92953823D39907B055
SHA256: 1AD124A9A31DACFE1FC9F3B89B3117D3A70D5BC15B712CC1748BEA893612686C
Referenced in post(s):
Finding Contained Files

find-file-in-file_v0_0_3.zip (https)
MD5: 8691158700079C786F6905F0CA0F32BC
SHA256: 84506CED140F309503E723831A9EFB99A8CC213532BEB56E00BC4BA5FE235797
Referenced in post(s):
Update: find-file-in-file.py Version 0.0.3

find-file-in-file_v0_0_4.zip (https)
MD5: CD381616158BD233D94B368554B824C6
SHA256: FD5C4E3EC99371754E58B93D3D96CBA7A86C230C47FC9C27C9B871ED8BFB9149
Referenced in post(s):
Update: find-file-in-file.py Version 0.0.4

find-file-in-file_v0_0_5.zip (https)
MD5: 1463DBAB808BBE40AC7919BC9A77303D
SHA256: C269B1995B61F0EDE24E4E9C64D5DD64E79B5ED6DD2126E94AF52E15D90C427F
Referenced in post(s):
Update: find-file-in-file.py Version 0.0.5


format-bytes: This is essentialy a wrapper for the struct module
format-bytes_V0_0_2.zip (https)
MD5: A859C5B5789246734647322CDEE38001
SHA256: 8FD7EEDB57ED257EAED67EAE30CF820C10B1845BC547EEC727268B46426E0F2D

format-bytes_V0_0_3.zip (https)
MD5: CFE426B605DEDA6E388C1F62D2655A31
SHA256: 227C3911A0D2B9D8E524B44D5B4F80EBAABD34810A11A9189B09ADFA5D2FB67A
Referenced in post(s):
New Tool: format-bytes.py

format-bytes_V0_0_4.zip (https)
MD5: EBCF854E9525D470171D7D8E99F836FD
SHA256: CEE2E5B71E1BE8E5D5C934ACCD10BC0FEE2B60DFB6FDB6472F1014CEC4E509EC
Referenced in post(s):
Update: format-bytes.py Version 0.0.4

format-bytes_V0_0_5.zip (https)
MD5: 3D92BCAF8E31BFBF6F4917B3AAB64AEF
SHA256: AD43756F69C8C2ABF0F5778BC466AD480630727FA7B03A6D4DEC80743549845A
Referenced in post(s):
Update: format-bytes Version 0.0.5

format-bytes_V0_0_6.zip (https)
MD5: D73C88AB15B8AE3B30BA2C5EBE8CC77E
SHA256: 3FB480B52F5BF535A54B66CABBD853666B3E306EFAE4BD9247B45255F223E0B6
Referenced in post(s):
Update: format-bytes.py Version 0.0.6

format-bytes_V0_0_7.zip (https)
MD5: 58D3380B48593B3497AD04ACB1719CF3
SHA256: 8E07C1462AE88416CF8D5218A70BCFAE34F89B284684BFD0AC6B943A39E3CA8E
Referenced in post(s):
Update: format-bytes.py Version 0.0.7

format-bytes_V0_0_8.zip (https)
MD5: 22F216C2304434A302B0904A9D4AF1FE
SHA256: A38D9B57DDB23543E2D462CD0AF51A4DCEDA1814CF9EAD315716D471EAACEF19
Referenced in post(s):
Update: format-bytes.py Version 0.0.8


fuzzer: 010 Editor Script implementing a simple fuzzer
fuzzer_v0_0_1.zip (https)
MD5: E9B7114952E81A504C7CF3B06B99B5CF
SHA256: CF399EE2D86B6039236608F4FE882E579D7DCFED1DA980B4124ED06FD0C5807A
Referenced in post(s):
fuzzer.1sc


generate-hashcat-toggle-rules_v0_0_1.zip (https)
MD5: 170F54D69C8581B9379E11E14F31C39E
SHA256: 93AE3CC8123425CEBC85D6CA4DE1ED1DD14F492AB744368729FB38D24436B5D9
Referenced in post(s):
Tool To Generate Hashcat Toggle Rules


hash: This is essentialy a wrapper for the hashlib module
hash_V0_0_1.zip (https)
MD5: 8ECC05DEFBD4AB494A37DE02615A8FE1
SHA256: 07A1ED7FD00FB18B616540CB108AA1D2134B07CC509E11257E4E43FFF9A185C2
Referenced in post(s):
New Tool: hash.py

hash_V0_0_2.zip (https)
MD5: 7C9EF6D52793D6FFAAF4EB6FCEB934B4
SHA256: F768BCBE035ADF099C2AFA41CADB2ABD9514D54E6D361AF5610277B8A70D6B7D
Referenced in post(s):
Update: hash.py Version 0.0.2

hash_V0_0_3.zip (https)
MD5: CB4BCB40CA50ED23AC7E47510B308811
SHA256: 6C3C44C5B98C7C7415E332D15B6EA887CD54170DADDDC726B3544F1696F4E324
Referenced in post(s):
Update: hash.py Version 0.0.3

hash_V0_0_4.zip (https)
MD5: 6DAC25432338BEA40B9141A791B8A958
SHA256: D66BF64B91B1BCBA5EA99EA03439A12835C5427BB1C447E6B515F94D9F468137
Referenced in post(s):
“Here Files” and my Tools

hash_V0_0_5.zip (https)
MD5: 2A4D61F692D935E27E4BECA642F19D97
SHA256: 5DA5B59EBC6EB0FADEA868E631057BF14C29486405F75D8183C48FE4631B81A2
Referenced in post(s):
Update: hash.py version 0.0.5
Validating Your Downloads

hash_V0_0_6.zip (https)
MD5: DE0AC3F7809E55E1577EB049A5F34EDF
SHA256: D66FF1D5173E3DDAFC842087B9E4E8447C18EF0AA8C03E02A365E3F9028BA8D9
Referenced in post(s):
Update: hash.py Version 0.0.6


headtail: Output head and tail of input
headtail_V0_0_1.zip (https)
MD5: F5FD067F94411D22B939D753B803ACFE
SHA256: CBB66EA335299801A4D3D80A6A9BD686C56058B203ABB1BC6144B3A2E2370979
Referenced in post(s):
New Tool: headtail.py


HeapLocker: Process hardening tool, a bit like EMET, but open source
HeapLocker64_V0_0_1_0.zip (https)
MD5: F3D43A29CE64F9418AA154C66B0B06A4
SHA256: 7EFF1D9EA20B522D76034DC4CB66E2FD7AC43E585987FC9ABF7EF8EB801FBC6C
Referenced in post(s):
HeapLocker
HeapLocker 64-bit

HeapLocker_V0_0_0_1.zip (https)
MD5: EE0ED3FC2C9A5A3497A7286BFB476978
SHA256: C2B7F0BB8F1D1EDCCFCFE612412B40A12B89F4BE888BB50F872E04FD2F9BBA5F

HeapLocker_V0_0_0_2.zip (https)
MD5: 66204745155E8F75B9A152F2E8D416EB
SHA256: A334957AC8707DFC947C6B70F8F3D7337902969CFF3D6099597B3CB31BC3D4A8

HeapLocker_V0_0_0_3.zip (https)
MD5: F4F9AD7139C4D7FB3B0B149FA5961A56
SHA256: 7DD72256EE9C189A234234FD7758E9251F813FF253E0387C9D8188D8155FDDA4
Referenced in post(s):
HeapLocker


hex-to-bin: convert hexadecimal to binary
hex-to-bin_V0_0_1.zip (https)
MD5: 18FC870888B333D8B081CE3E31428A1B
SHA256: 17B4257C6951C792FFE64EDDDFF20674AD07DE2699EF066BDF7A548DA09E6592
Referenced in post(s):
BlackEnergy .XLS Dropper

hex-to-bin_V0_0_2.zip (https)
MD5: 4F415E4117EC497C52E244A7087E36B9
SHA256: D283C312CC169419BC16D9199F5EC850D5D7565B9FDB272CA5236F97EDAD22C3
Referenced in post(s):
Update: hex-to-bin.py Version 0.0.2


inner.5873c1b5b246c80ab88172d3294140a83d711cd64520a0c7dd7837f028146b80.zip (https)
MD5: B576ADA3366908875E5CE4CB3DA6153A
SHA256: 5873C1B5B246C80AB88172D3294140A83D711CD64520A0C7DD7837F028146B80


InstalledPrograms: List installed programs with Excel/VBA
InstalledPrograms_V0_0_1.zip (https)
MD5: 0BF27B9D4B6316381E0AADC1777B7F8F
SHA256: 60AF8234BD10E12221CAD3D2544222819CB0CC0834E339084590860F30E0D580
Referenced in post(s):
InstalledPrograms.xls

InstalledPrograms_V0_0_2.zip (https)
MD5: 383D9EC2B520E930A8484F1BD0B99534
SHA256: B174A5A9A366799B5C7CB99D6FD83643E5AE8155FBC52ADCEDA836FFF9281766
Referenced in post(s):
Update: InstalledPrograms.xls V0.0.2


InteractiveSieve: GUI tool to visualize and analyze logs, data, … by “sifting”
InteractiveSieve_V_0_6_0.zip (https)
MD5: 37DDEA0A289AB7E6F826A7BDF46B5C81
SHA256: 2AA5F24A3432C4D16837A7B9BA818D19C54C6047745A9B3E1DE30B51BE9B2AC5

InteractiveSieve_V_0_7_2_1.zip (https)
MD5: 0312B5884B59619AFD2BD8C2A087E333
SHA256: 79DF1AF0020B0A8174F1A745EFBC922509990CE643703E69FFDA96FA4ACD3D78

InteractiveSieve_V_0_7_3_0.zip (https)
MD5: F36B245584DE143A15F484AA6220D67F
SHA256: AE0804EA739AEDC5FA32B7F6FD99AB99A35F7742B98953A653E0C24725E0FE6F
Referenced in post(s):
InteractiveSieve

InteractiveSieve_V_0_7_5_0.zip (https)
MD5: F9E3D74F4BE3C140FA415C6E525A5346
SHA256: 1981665BEF13E52A03A53AD4755891D25AE6A3D8D986666107D295CE8AE31C02

InteractiveSieve_V_0_7_6_0.zip (https)
MD5: 37C18D2E41CB311442E033F253818057
SHA256: 5758289A939388FDB73617DAD686EBD2B79D1E48444A772946E7606DAF49DB05
Referenced in post(s):
Update: InteractiveSieve 0.7.6


jpegdump: JPEG file analysis tool
jpegdump_V0_0_1.zip (https)
MD5: 8266BD2E8190AD8FBD727AC3B5C30758
SHA256: 68EE75A22C2EC27569AB40358EB1CE0CFF4EBBD8C3A70F497602681A7E1F669D

jpegdump_V0_0_3.zip (https)
MD5: 929F3EC096AEBEC642C44C6A6EE2895E
SHA256: C5C1CA151C7E24FB6E305E5116BE7B6BC4C417810217249D3831BE5805BBAA9F
Referenced in post(s):
New Tool: jpegdump.py

jpegdump_V0_0_4.zip (https)
MD5: 496B6F2B0C0EEF919F7C6E20B9C1ADF6
SHA256: 5D150AE050610B6DB11FBE8B44E385A80800971AF1810F67531BB17A1373C770
Referenced in post(s):
Update: jpegdump.py Version 0.0.4

jpegdump_V0_0_5.zip (https)
MD5: D7157E7FDEEA4257220F60E0081EE138
SHA256: D6940A82CDECEB9D1FB27561E7B748837D666568FC857AEB6680E135D08E897C
Referenced in post(s):
Update: jpegdump.py Version 0.0.5

jpegdump_V0_0_6.zip (https)
MD5: 14FFB9016A9181DB3A59370B2E0DAFF2
SHA256: 13B610A9BDE68CDB64E482AADBC522DDAABD6F6D746AA032C6FEDDAF6BF4169B
Referenced in post(s):
Update: jpegdump.py Version 0.0.6

jpegdump_V0_0_7.zip (https)
MD5: DF600AAADD1E6335CB1DC5FEF895B2AE
SHA256: 123CDBACA0533BE975751F935EA9C6CEF75B7F8E67CC0FBAD36F8C66DD9354D8
Referenced in post(s):
Update: jpegdump.py Version 0.0.7


js-1.5-mod: SpiderMonkey JavaScript interpreter modifications
js-1.5-mod-0.3.tar.gz (https)
MD5: 59D7C7F67903A00AFC97C9BEDD7E1F54
SHA256: B1B51F3FD357635AD6BE90D183416DAA7783972F9BAF15E36B0A5B9BF748A570


js-1.7.0-mod: SpiderMonkey JavaScript interpreter modifications
js-1.7.0-mod-b.zip (https)
MD5: 85B369B5650D4C041D21E8574CF09B9A
SHA256: D3827DF7B2EA81EEE91181B2DE045320E1CFEC46EED33F7CD84CA63C3A36BC38
Referenced in post(s):
Update: SpiderMonkey

js-1.7.0-mod-c.zip (https)
MD5: B14B522E81366D6AAF3B7EB235B62707
SHA256: 2CCB2F57DF706A8EE689C54B18A0EA7BB052EF08BA233F1319119825DB32927B
Referenced in post(s):
SpiderMonkey
Update: Patched SpiderMonkey

js-1.7.0-mod.tar.gz (https)
MD5: A64B079FAEFD6BA23CAC3FCC7EF41AC7
SHA256: 74DD063F13647505ABB11FA3D1A5D44DA35A3F73F18FE973F93FBA5E349B8BA9


js-unicode-escape: 010 Editor Script to convert bytes to a Unicode escape encoded string for JavaScript
js-unicode-escape_v0_0_3.zip (https)
MD5: B86B7E73D93C5A4C086384C2FF89303C
SHA256: 81F26C328FD67FB7512CD60485481D7FFD8B7FE5ACE95455D45F4F635EADF81C
Referenced in post(s):
js-unicode-escape.1sc


js-unicode-unescape: 010 Editor Script to convert a Unicode escape encoded string to bytes
js-unicode-unescape_v0_0_1.zip (https)
MD5: E4FF29FB631142AC995636EED4CFB2AB
SHA256: C5659BCED1C6A7F92C2F7F9058DAA5807D2907283041E4F9DD1E4B6F318F2BBD
Referenced in post(s):
js-unicode-unescape.1sc

js-unicode-unescape_v0_0_2.zip (https)
MD5: 6200C4F235CA527E8C0DCD5076CB1C09
SHA256: 2CACC9EE1BB1D1BC4C9FABC6EC3B3440CFF304AA560966B0B531279C369549BB
Referenced in post(s):
Update: js-unicode-unescape.1sc


keihash: Calculate SSH Key Exchange Init (KEI) hash: KEIHash
keihash_V0_0_1.zip (https)
MD5: 674D019A739679D9659D2D512A60BDD8
SHA256: DB7471F1253E3AEA6BFD0BA38C154AF3E1D1967F13980AC3F42BB61BBB750490
Referenced in post(s):
KEIHash: Fingerprinting SSH


ListModules: Analyze digital signature of all executables in processes
ListModules_V0_0_0_1.zip (https)
MD5: 56D6BD9479915E6FF1C29A9D9F8F7950
SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069
Referenced in post(s):
ListModules V0.0.0.1

ListModules_V0_0_0_2.zip (https)
MD5: F1FDFAA37D23E3B61E2E1F018C1D2B83
SHA256: F0AE681AB70281920B219B6733A2F0D7BC8AE959621DC3107B49F1EED4A1E523

ListModules_V0_0_0_3.zip (https)
MD5: 872C03B1C3FACBA81B79BE3884466EC5
SHA256: FFFEC015E6F5916EEF018A5ABFDBB8FE45614DC8EDB23123523D3BBF9DD1C558

ListModules_V0_0_0_4.zip (https)
MD5: 36D05A56C06493A3EB1BAD6F9F5BB2E5
SHA256: FDB262E043F86EA4F147D50B2DD48707C63E0751B655AB3AF9577C1E54017CE6
Referenced in post(s):
Authenticode Tools


ListSharesSecurityWithWMI-VS2001: C# example for share security enumeration with WMI
ListSharesSecurityWithWMI-VS2001.zip (https)
MD5: A27793BB9C3F19AFB25F1F64CEBE5C94
SHA256: 10FF939F3B73BDF383EA330B89B5B3BD794FD78EA66DEE564C94380F1A9E7E5D
Referenced in post(s):
Programs


LNKTemplate: 010 Editor Template for LNK file format
LNKTemplate.zip (https)
MD5: CD7C486DBB9A1CA48D0A3CD67492B404
SHA256: EDECFE72280DB904969C599E313CB6DD93BB37A0B55B5786014DEC1BC1B61738
Referenced in post(s):
Quickpost: 2 .LNK Tools
Quickpost: .LNK Template Update


LoadDLLViaAppInit: DLL to load other DLLs via appinit registry key
LoadDLLViaAppInit64_V0_0_0_1.zip (https)
MD5: 94C38717690CE849976883FFE4B22CA1
SHA256: 447C8F61A6398CBE6BD5E681FCE28C55D426D4E4EA49BBE367AE5B334B073A55
Referenced in post(s):
LoadDLLViaAppInit 64-bit

LoadDLLViaAppInit_FI.zip (https)
MD5: 2867B6AADF6C9FFA224D2D6A0153AD91
SHA256: E732451401B37087FAC619BD500E370FE3C21FB764F2E2E99C76EDBADEC86204
Referenced in post(s):
LoadDLLViaAppInit with FORCE_INTEGRITY

LoadDLLViaAppInit_V0_0_0_1.zip (https)
MD5: 60B93BAF4B0F973C3EC920F2F4A180E8
SHA256: 3B528A3BAF593A2740D5655CF18BC0932801D4DF1750DE8F9C8229C0FF51E8BE
Referenced in post(s):
LoadDLLViaAppInit

LoadDLLViaAppInit_V0_0_0_2.zip (https)
MD5: F458DAEAB1A3E68870EE0608E2A1FFFC
SHA256: 9C8BA52A68893F33E0019CC64264C24A7EEC09C5D0DAE6F43C110ACFD45E621F
Referenced in post(s):
Update: LoadDLLViaAppInit


LockIfNotHot: Automatically lock Windows computer when user walks away, requires IR thermometer
LockIfNotHot_V0_0_1.zip (https)
MD5: 188BE76E0A5BCCA26A8736F8F0C4061C
SHA256: CA915265D3B224DF3AA95E5C59B7C0E7EDF239DF50FC1C03F2C991A8B1800AD2
Referenced in post(s):
LockIfNotHot


lookup-tools: IP-address and hosts lookup tools
lookup-tools_V0_0_1.zip (https)
MD5: EB9C5BEF25EC5ED0F44297AA8A04679E
SHA256: 755E98BA0BC09C31E58ED4BF7B08CD42467BBF9B129C77DD6D558FD6B6E27124
Referenced in post(s):
Looking Up Hosts and IP Addresses: Yet Another Tool

lookup-tools_V0_0_2.zip (https)
MD5: 310904722F900FA34C567FC38634124E
SHA256: 85626574A99BF4D2AB786D8C2FF5B8F6649F1FC7410F1786A24EF0201AAF64AA
Referenced in post(s):
Update: Lookup Tools


LowerMyRights: Restricts the rights of an existing process
LowerMyRights_V0_0_0_3.zip (https)
MD5: FF937173AB1CD2C7A9DF050D7ADF0696
SHA256: 9AA83F24031029F60862CAAE477B02DF0C0887BD6E9078A1E186FEF6DF873253
Referenced in post(s):
LowerMyRights


make-pdf: Set of Python programs to generate all kinds of PDF files
make-pdf-jbig2_V_0_0_1.zip (https)
MD5: 334D59CE634914CA89661A6DE03CE78C
SHA256: 153AFCA0E5269477772D920DF230DB9ED1CDC9715F0FDF4A9572A679B24BD116
Referenced in post(s):
Quickpost: /JBIG2Decode Essentials

make-pdf_V0_1_0.zip (https)
MD5: 7682A66DCD0C3AF1D4A2AFA30D44AA8C
SHA256: 7E92B7EE4A3EE2FCFCAF0AC1398381E4F649A6E7C899351721D78D37D6018AA0

make-pdf_V0_1_1.zip (https)
MD5: 9AF2E343B78553021C989E8E22355531
SHA256: C604679ABEB0469C1463159E02E74F12487B2755A6096B416A8F4F638DEB8AA9

make-pdf_V0_1_2.zip (https)
MD5: 305D57692C27DD3CD91D8C85A3932948
SHA256: A030BBCB8B54137D8047A4CB5C350725599383A4B113CABBA8871AC221378C5B
Referenced in post(s):
Embedding and Hiding Files in PDF Documents

make-pdf_V0_1_4.zip (https)
MD5: D2630ABDE44DFFDD5640AEF391CE591D
SHA256: 11578A938F9FFCC16456519375AF8817C1F8F0D9C41C68BBF78882BFB36B8058

make-pdf_V0_1_5.zip (https)
MD5: A6B9C9C411EDE77B95541505DC713051
SHA256: FCA43E7A47248CAB0E7E553ACE293E3D669F6F553C4C53CEE53494FF8B0D91FC

make-pdf_V0_1_6.zip (https)
MD5: 85DA11252AD5990A1F5514BCD5D4501B
SHA256: EE23A178727C8505A864083EBA8B5464CC897D80FB8EE60D4C47B29810A056A1

make-pdf_V0_1_7.zip (https)
MD5: 73DBC0CEC9A425DE3317EB48B9A7EA81
SHA256: DCEA54C2C260152A01278C6262D82255B5944ED616663B83DC158F74F27F509E
Referenced in post(s):
PDF Tools


md5_authenticode: MD5 Authenticode collision PoC
md5_authenticode.zip (https)
MD5: 332078ECB5609A09F6412450EB41CAA8
SHA256: 72E54C3F052D7E8C7414F524CD40541244BB57D1F346477CFAFC037F42DA50AA
Referenced in post(s):
Playing With Authenticode and MD5 Collisions


MIFAREACR122: Python program to read and write 1K MIFARE RFID tags with ACR122 contactless reader/writer
MIFAREACR122_V0_0_1.zip (https)
MD5: 368BE885EF3BA0E8CBDA25F8EC022833
SHA256: D721EC111C2FC7D4A9CD0A1ED4DCF29554C68E56C6F4DA789A4228715A32D732
Referenced in post(s):
Shellcode On a MIFARE RFID Tag


MovingXORSelection: 010 Editor Script to perform a moving XOR of the current selection
MovingXORSelection_V1_0.zip (https)
MD5: C0B069044E0CA64856B74DE03250F837
SHA256: CE4D0F139728DBCD7F3B817BB3B610FFAA893B3B5BDF73715345EE170166F36C
Referenced in post(s):
MovingXORSelection.1sc


msoffcrypto-crack: Crack MS Office document password
msoffcrypto-crack_V0_0_1.zip (https)
MD5: F67060E0DE62727A1A69D0FD6F39013A
SHA256: 1466B94B56595BA0B91F0A2606F699E1D737E964F3F1A4DFDF7EAA47843DD063
Referenced in post(s):
New Tool: msoffcrypto-crack.py

msoffcrypto-crack_V0_0_2.zip (https)
MD5: 010B7FA68FCF9CE84427815EFDFE1C42
SHA256: 6B368E40EEE8A907D444A49963B37F456A3645991201CE06F0E46A0F2E188A74
Referenced in post(s):
Update: msoffcrypto-crack.py Version 0.0.2

msoffcrypto-crack_V0_0_3.zip (https)
MD5: 45BAB81D744DA62182EC58A8F2E05BFE
SHA256: CF9DE02C72C07C07786BE09551CD17F6DBB83BCEF2A1C5435E06A695D7C6770E
Referenced in post(s):
Update: msoffcrypto-crack.py Version 0.0.3


my-shellcode: My shellcode collection
my-shellcode_v0_0_1.zip (https)
MD5: F215B29BA3C8F24CFBA5C24BED65B68A
SHA256: EA1DB8028954CEB18B8AD2EB37CA6BA0CD7CDC6B9A64F10561382152701C013F
Referenced in post(s):
MessageBox Shellcode

my-shellcode_v0_0_2.zip (https)
MD5: 324AC5DABA30198C66B58B234D4D8E80
SHA256: E947C6B3087008BFC6B327A8066D29DC4F0D3753032775A3A1B602436FF3EE0E

my-shellcode_v0_0_3.zip (https)
MD5: 914FB82B15D84108E023714DFF5B8658
SHA256: B72BD9DAAAD37100A6C011752E305FDDFED0F9C5ABB27EF1F19F24D05CB2C939

my-shellcode_v0_0_4.zip (https)
MD5: 79A46202171D558876F41E2A9352B301
SHA256: D7D3A06BC82CE5FA5082FAA2AB266F971A5C4DDEA06645B119975EDC100730A3

my-shellcode_v0_0_5.zip (https)
MD5: CFF4F0FB67C5ECCCB7EE5F3C35FB0578
SHA256: B0E444A16719B0196C4038B398DF0333D29B202283E523B1CF3D4267ECD4D0BB

my-shellcode_v0_0_6.zip (https)
MD5: B6BC3081E1D2CA823AC4F814FD972E6B
SHA256: 414E2A933DB6C6B7F3605834F18F52DC7F39113AC7F7120EBF91F2C30B749A1F

my-shellcode_v0_0_7.zip (https)
MD5: E3D7866D59506696C3CEDE97FA742997
SHA256: C575FC6128ED65F83C19B2E5E6AC5554B8C1D27F27EA16E5CDC147927AD2AF76

my-shellcode_v0_0_8.zip (https)
MD5: 456F014F88A759B0A5CD15DC2C9F4BBD
SHA256: B924200D2F4674F9BC25AAB2C43397647E3F97AF27CBB394CBECCFBF2789D507
Referenced in post(s):
Shellcode


MyEFSService: PoC for Malicious Cryptography blogpost
MyEFSService.zip (https)
MD5: 457B7A671AC28C533BD3B6A62FD1DF13
SHA256: 2F2D9BDA5C00E7DA3619AD86EAA6B2DC302447FBDA67399263FA2A7F71281E46
Referenced in post(s):
Malicious Cryptography


MySafeModeService: PoC for Playing with Safe Mode blogpost
MySafeModeService.c (https)
MD5: 6A9EC31F58B803EDA6032BD5D3EB6996
SHA256: FDF45508EDC33896BB8C723492B82246AA75B5391FECF1B8ED9F5D4247739395
Referenced in post(s):
Playing with Safe Mode


NAFT: Network Appliance Forensic Toolkit
NAFT_V0_0_5.zip (https)
MD5: DDA7D6B34DD55895F144DD2E39A96455
SHA256: A8C08580447AB5F5DAD105BFF70E3CE8DC397DA81A08C2B344DE073D4B5296C0

NAFT_V0_0_6.zip (https)
MD5: 58FE5A59084B30843C44D0DF9A753B53
SHA256: 3970EE86A1747B22BE7427DD97D21398DCF3A32DBD22F11E58B5DDB10C55D362

NAFT_V0_0_7.zip (https)
MD5: 247DD8703F1AB1AEF0764367706EEA19
SHA256: 0CAAD5C024E16664F5EC36CDDB19F57D2EEA402DAFB72A259F1542C99D4CC11D

NAFT_V0_0_9.zip (https)
MD5: FEBBDB892D631275A95A0FEA59F8519F
SHA256: 95F42F109623F2BA6D8A9FFB013CBB0B5E995F02E5EB35F8E83A62B8CA8B86D0
Referenced in post(s):
Network Appliance Forensic Toolkit
Update: NAFT Version 0.0.9


NetworkMashup: Network utilities (ping, DNS) written in Excel/VBA
NetworkMashup_V0_0_1.zip (https)
MD5: AE0CD3879483930B82500FA40D6ECF20
SHA256: B46C670B7677BD08DCFC8AF5E8C16881836A8BD29CC3F574F1CB4011828BDB39

NetworkMashup_V0_0_2.zip (https)
MD5: D6393F7A77517177DAE708019393E4FF
SHA256: 91983017EB2C069D6EE36EF7F0CE4043C3BA7E5CB7C46D86AE8C323D7EB27B81
Referenced in post(s):
Quickpost: NetworkMashup.xls


NewPasswordStats: Password auditing password filter
NewPasswordStats_V0_0_0_1.zip (https)
MD5: FAF362F49C7B3FA8CCE7AF600B6D91A8
SHA256: 3D9BBD195F55FBB8F6CE523B3E7BE95A531725570336C55911EE0F312FE95A4D
Referenced in post(s):
Password Auditing With a Password Filter


nmap-xml-script-output: nmap xml script output parser
nmap-xml-script-output_V0_0_1.zip (https)
MD5: 772B6371C1F5E27E68D9BF14955A02D4
SHA256: C86E42E7FA8EFA42C60062759E69DC8DE7F017D9113CF304D9515ACA59815790
Referenced in post(s):
nmap Grepable Script Output – Heartbleed


nocalcpoc: No calc PoC
nocalcpoc_V0_0_0_1.zip (https)
MD5: 05798543571B45E19536181DC7346330
SHA256: ED0FEDC6096420F6F09F4980A1CE36F7C4BC0A8C9191F4DFC27FA4C77D547976
Referenced in post(s):
Why Isn’t my PoC Launching calc.exe?


nsrl: NSRL tool
nsrl_V0_0_1.zip (https)
MD5: 5063EEEF7345C65D012F65463754A97C
SHA256: ADD3E82EDABA7F956CDEBE93135096963B0B11BB48473EEC2C45FC21CFB32BAA
Referenced in post(s):
nsrl.py: Using the Reference Data Set of the National Software Reference Library

nsrl_V0_0_2.zip (https)
MD5: 816DD5BEF94D289F489399A95824083D
SHA256: 65C4AF8F139651942062EB78D820AD3BE5DBEE2C4331B3105BAE62B220CD4F44
Referenced in post(s):
Update: nsrl.py Version 0.0.2


numbers-to-hex: convert decimal numbers into hex numbers
numbers-to-hex_V0_0_1.zip (https)
MD5: 9050768633DDADF34900DAB0061F3B24
SHA256: 00B099F3939251F2027F2705AD08AE352C0FC447C86EB3271721FB2935CF71B6
Referenced in post(s):
BlackEnergy .XLS Dropper

numbers-to-hex_V0_0_2.zip (https)
MD5: 911D2BF2EC0839DD595C48FF4BE5E979
SHA256: 41D5B19E401516CB134521E1F6973A16DBFE491303BD93429EEBE55C0B3AFEF6
Referenced in post(s):
Update: numbers-to-hex.py Version 0.0.2

numbers-to-hex_V0_0_3.zip (https)
MD5: EB8CE35EA272042211B1EADBE4606BE2
SHA256: 1CE2E7C6EF930C56024C0313C9FCE6E96A7FA6FC07893EAF06ACCC05A3D2C528
Referenced in post(s):
Update: numbers-to-hex.py Version 0.0.3


numbers-to-string: convert numbers into a string
numbers-to-string_v0_0_1.zip (https)
MD5: A5BB5F9F711D090416431ABD0E0151A0
SHA256: 5B08018077CB6578553AA3E4D7B2FA663DCC2CF21F4C108C2B4A19680F5A4132

numbers-to-string_v0_0_3.zip (https)
MD5: 6FD49062058E6A03A4A7BF3A3D26408A
SHA256: 9457AFA699B61DA52F07921D3F7AB486585036654D64AD126B933345E71BC07F
Referenced in post(s):
Update: numbers-to-string.py Version 0.0.3

numbers-to-string_v0_0_4.zip (https)
MD5: DFBA2CE60D59A5DF25D7BE415D55B0FF
SHA256: DA75A6BEB7DCD0F71C008EFE43EE3D3831B545BC916AA5176F4E2004FE97A250
Referenced in post(s):
Update: numbers-to-string.py Version 0.0.4

numbers-to-string_v0_0_6.zip (https)
MD5: 283003C9B328A3DB79BC83AD3C3B0FB1
SHA256: E96417C26EA1231748C6A5DE2F12F56D816F2F875795ED7412ED5D6458CF7B93
Referenced in post(s):
Update: numbers-to-string.py Version 0.0.6

numbers-to-string_v0_0_7.zip (https)
MD5: C23E49A24B54365F469BB35CCDA12701
SHA256: 3E9E7DF84359BEB4A054FC82E73C3E94219FC85E462FFBE3676C16E115F61AB3
Referenced in post(s):
Update: numbers-to-string.py Version 0.0.7


oledump: Analyze OLE files (Compound Binary Files)
oledump-beta.zip (https)
MD5: 6B2F81410C9DB409E55A05AEB2E8342B
SHA256: E80244C87E11E516F5D7245224828BA15C4079EFE16582FE785D6E307C04B657

oledump_V0_0_10.zip (https)
MD5: 450C28232254F8FF3AF5E289F58D2DAB
SHA256: 139671E5E69200CECCE0EF730365C1BF1B7B8904B90E3B1E08E55AB040464C73
Referenced in post(s):
Update oledump.py Version 0.0.10

oledump_V0_0_11.zip (https)
MD5: 02AEF764545213E1B1A5895AD0706F78
SHA256: 162EE94B1A4533956EE2CE0CB13ECDF2FF6C18A0597685E690B8524526FD694E
Referenced in post(s):
A New Type Of Malicious Document: XML

oledump_V0_0_12.zip (https)
MD5: 0AB5F77A9C0F1FF3E8BE4F675440A875
SHA256: 6F87E65729B5A921079B9E5400F63BE6721673B7AC075D809B643074B47FB8D3
Referenced in post(s):
Update oledump.py Version 0.0.12

oledump_V0_0_13.zip (https)
MD5: 6651A674F4981D9AEDE000C1F5895B69
SHA256: 4452DF48F7D852140B4CD662AD95C6BC695F5F04009B37A367EB392384935C51
Referenced in post(s):
oledump And XML With Embedded OLE Object

oledump_V0_0_14.zip (https)
MD5: 5ECD8BC3BD1F6C59F57E7C74DACCF017
SHA256: 7EEF509D84F7185C299A17882D3BD71481B7B1E41654F463F58492455FBDBD11
Referenced in post(s):
Update: oledump.py Version 0.0.14

oledump_V0_0_15.zip (https)
MD5: 3E3930262DF06AB96B576004F8C930A5
SHA256: 2E256ACB0E8DF4174B5EB3260EF832133556A1F9CDF27212A85CB01D278C152E

oledump_V0_0_16.zip (https)
MD5: 774BF99A8E0607C6B611F4DBF021638A
SHA256: 8C1F22E0EEDB2556641BAF5724A41E25B87AA9ECDF3FA13F175D7C81316ED7EE

oledump_V0_0_17.zip (https)
MD5: 5AF76C638AA300F6703C6913F80C061F
SHA256: A04DDE83621770BCD96D622C7B57C424E109949FD5EE2523987F30A34FD319E1
Referenced in post(s):
Update: oledump.py Version 0.0.17 – ExitCode

oledump_V0_0_18.zip (https)
MD5: 88C9999726C0157267E2FF31E137D66C
SHA256: 1FC9EE7A0BB5A016339C73CBE5DE2F2C0A9C006BC924A5F9346F9F4EDE060939
Referenced in post(s):
Dump Tools: Cut Cut Cut …

oledump_V0_0_19.zip (https)
MD5: DBE32C21C564DB8467D0064A7D4D92BC
SHA256: 7F8DCAA2DE9BB525FB967B7AEB2F9B06AEB5F9D60357D7B3D14DEFCB12FD3F94
Referenced in post(s):
Analysis Of An Office Maldoc With Encrypted Payload: oledump plugin

oledump_V0_0_2.zip (https)
MD5: B493FAB9AC85749D49C4E1843BE19961
SHA256: 27386E61E0B4744EB9363040649B53488DA9139B7C33AFAC6E329F8C777DAD1B

oledump_V0_0_20.zip (https)
MD5: 715B33E8E090F2A061DB2EA5A913055F
SHA256: 056CC911AEDFFB48B756F1B941E14660EBA8B613C65B1026F5DA77FB3047DAE3
Referenced in post(s):
Update: oledump V0.0.20

oledump_V0_0_21.zip (https)
MD5: F72CBB797CE8FB810ACE5E54DC832129
SHA256: 016C772575DF381C274F6408B242945DE35679904B7C8B1B693ABFB2B3C023FB
Referenced in post(s):
Update: oledump.py Version 0.0.21

oledump_V0_0_22.zip (https)
MD5: CA91850BBC92E82D705F707704000F82
SHA256: 16763BCF15BFB3301FFAE0BDA26F18EE2946EDD7478994B798127DBBEF5FF9E7
Referenced in post(s):
Update: oledump.py Version 0.0.22

oledump_V0_0_23.zip (https)
MD5: 991910FF4AA47808A5BBCE0CC109D41A
SHA256: 612B6FD06856C7790D2F66B29286E7B89D35D8354ADB167CA512CC1CDE3F6C47
Referenced in post(s):
Update: oledump.py Version 0.0.23

oledump_V0_0_24.zip (https)
MD5: F1BFD24FBC72966D54C365B57E662700
SHA256: 4C175874EFDF7DB3264038BFACFD44F1B9060E834189FF3CBAA6C8EBD9D7F680
Referenced in post(s):
Update:oledump.py Version 0.0.24

oledump_V0_0_25.zip (https)
MD5: CED1602AEF505AE0388DB95414F9C00A
SHA256: 54510A54264E4EA3C4559545B5CE43A20D8AB290B4EDDA7B57983AD1396E29FC
Referenced in post(s):
Update: oledump.py Version 0.0.25

oledump_V0_0_26.zip (https)
MD5: 62030DEC6DBC2F69A37893FF1624F8EE
SHA256: A0DE8FD414A0B78FE8D72CAA58D8FA15159A7ABEA9842181C4C3C4EC1DE2EEC5
Referenced in post(s):
Update: oledump.py Version 0.0.26

oledump_V0_0_27.zip (https)
MD5: A6C6728E20AE46A4FECC5F3976AF33BF
SHA256: 54FE550D5102A0E9428F6BD9B5170B50797EDA2076601634519CDBB574004A3C
Referenced in post(s):
Update: oledump.py Version 0.0.27

oledump_V0_0_28.zip (https)
MD5: D89C1E0DA9A95A166EF8F36165F6A873
SHA256: 58F44B68BC997C2A7F329978E13DC50E406CCCCD2017C0375AA144712F029BFB
Referenced in post(s):
Update: oledump.py Version 0.0.28

oledump_V0_0_29.zip (https)
MD5: 7F98DB95E0E9FF645B8411F421387214
SHA256: E00567490A48A7749DF07F0E7ECD8FD24B3C90DC52E18AFE36253E0B37A543C5
Referenced in post(s):
Update: oledump.py Version 0.0.29

oledump_V0_0_3.zip (https)
MD5: 9D5AA950C9BFDB16D63D394D622C6767
SHA256: 44D8C675881245D3336D6AB6F9D7DAF152B14D7313A77CB8F84A71B62E619A70
Referenced in post(s):
Introducing oledump.py

oledump_V0_0_30.zip (https)
MD5: BBD53C65FC40891E2125B9808F507E4A
SHA256: 78CDC8C8BCD651A3578F567D24FD88300600E02520B2D75F45448E4FB480FEB0
Referenced in post(s):
Update: oledump.py Version 0.0.30

oledump_V0_0_31.zip (https)
MD5: 63B2B5ECE2BC46B937D33A6494F7F6A0
SHA256: D2CF42662897642DF27C863F6C246CE70019EDF03F275354A7A505DCE27632D1
Referenced in post(s):
Update: plugin_biff.py Version 0.0.2 / oledump.py Version 0.0.31

oledump_V0_0_32.zip (https)
MD5: 10D8995B6AF5C783B1F8AAF70B8FDB03
SHA256: 0E38BAF12B066A100F97F3362402E1999F2DE223A09491E3D44C20EA4BDBD8AB
Referenced in post(s):
New oledump Plugin: plugin_msg.py / oledump.py Version 0.0.32

oledump_V0_0_33.zip (https)
MD5: E5F879766B5C1C899E75E2F2A8ED9533
SHA256: 2B7C9565880F14E8A431F7819926EE801DE129458E682FAAF99FEF41AFA49934
Referenced in post(s):
Update: oledump.py Version 0.0.33

oledump_V0_0_34.zip (https)
MD5: 1BE4E08DE1B1E73D5808AECE1BD09852
SHA256: 74F1B05E50D2AF8072505587438BB8959F174BAF76ED6255116E806642E6C4B0
Referenced in post(s):
Update: oledump.py Version 0.0.34

oledump_V0_0_35.zip (https)
MD5: 2089AFC496FFE2E44F67CF9C44EB101B
SHA256: C232282BD8AE050EECA1455E6A58EAB8D5CBBDF0D61E9FE2077CDA3DEB15D325
Referenced in post(s):
Update: oledump.py Version 0.0.35

oledump_V0_0_36.zip (https)
MD5: D8C9FBFD1AA2238D6EB3CA164EE91A65
SHA256: BE609FD0D976984A8856939B76D7DF54AB5ED4934F58F7AD47E4D6E42CDFCCBF
Referenced in post(s):
Update: oledump.py Version 0.0.36

oledump_V0_0_37.zip (https)
MD5: BBC2F3B57266B557307E12E8BC950F98
SHA256: 573C73110CA35EE6451FD14EE7B7DCA3B53FF624ECCFF824799DA59F7767DA68
Referenced in post(s):
Update: oledump.py Version 0.0.37

oledump_V0_0_38.zip (https)
MD5: C1D7F71A390497A516F67D798BA25128
SHA256: 4CADEE69D024E9242CDA0CE3A9C22BCB1CAFF9D5BA2D946519C6B7C18F895B81
Referenced in post(s):
Update: oledump.py Version 0.0.38
Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt

oledump_V0_0_39.zip (https)
MD5: 5C9A1D94E1BC857877116E425D80A197
SHA256: DF7FFA0C707C8D66C0E0FBEE583286DBA9970824782C6B7AB6BFDC30A85BB419
Referenced in post(s):
Update: oledump.py Version 0.0.39

oledump_V0_0_4.zip (https)
MD5: 8AD542ED672E45C45222E0A934033852
SHA256: F7B8E094F5A5B31280E0CDF11E394803A6DD932A74EDD3F2FF5EC6DF99CBA6EF
Referenced in post(s):
oledump: Extracting Embedded EXE From DOC

oledump_V0_0_40.zip (https)
MD5: 4013CC3A01D4CAE481EAA099A080B07F
SHA256: C5EC0B7B1EFA69D9EB6572F61D866ECEA7952FEADA06943377F8178C7A252E70
Referenced in post(s):
Update:oledump.py Version 0.0.40

oledump_V0_0_41.zip (https)
MD5: 4FD7E627F5078245705526EBE09D7989
SHA256: 0793CA920DA8B4BD09A040FEE12463BE7D8AF8AE6DFB0968CADCE478BC153CD8
Referenced in post(s):
Update: oledump.py Version 0.0.41

oledump_V0_0_42.zip (https)
MD5: C5CCF18F9F10CB6916CC74C002C78EDE
SHA256: 14A1FDA4AB57B09729AEB2697818782FAE498369A760FEC8AEE5CFB0A0E9D126
Referenced in post(s):
oledump.py
Update: oledump.py Version 0.0.42

oledump_V0_0_5.zip (https)
MD5: A712DCF508C2A0184F751B74FE7F513D
SHA256: E9106A87386CF8512467FDD8BB8B280210F6A52FCBACEEECB405425EFE5532D9
Referenced in post(s):
Update: oledump.py Version 0.0.5

oledump_V0_0_6.zip (https)
MD5: E32069589FEB7B53707D00D7E0256F79
SHA256: 8FCEFAEF5E6A2779FC8755ED96FB1A8DACDBE037B98EE419DBB974B5F18E578B
Referenced in post(s):
Update: oledump.py Version 0.0.6

oledump_V0_0_7.zip (https)
MD5: 7A953BAFFA1E5285651699996FA2DF84
SHA256: F5DC5F650F005E530A7D0CF510C33E3A4EF29AD85B1DA2618B237F53A46B86B5
Referenced in post(s):
Update: oledump.py Version 0.0.7

oledump_V0_0_8.zip (https)
MD5: 29EBF73F5512B0BC250CD0A0977A2C72
SHA256: 09C451116FCDE7763173E1538C687734D92267A0D192499AFD118D8D923165B9
Referenced in post(s):
Update: oledump.py Version 0.0.8

oledump_V0_0_9.zip (https)
MD5: 849C26F32397D2508381A8472FE40F90
SHA256: 74887EA3D4362C46CCBF67B89BB41D7AACE9E405E4CB5B63888FEDCE20FD6A07
Referenced in post(s):
Update: oledump.py Version 0.0.9


OllyStepNSearch: Plugin for OllyDbg
OllyStepNSearch_V0_6_0.zip (https)
MD5: 6302043B90834E6EE39F720C94C9D772
SHA256: B46F3A03D6C459EC36571948D84D933E4339F225B561FAC04DE4FB4525E70C9C

OllyStepNSearch_V0_6_1.zip (https)
MD5: D32BA4B0042BF9342B05FCBC0CF573B6
SHA256: 61ACA61F3399322B797EB58425A13AF3E68EB590AC747D1D244385E0923ABA52
Referenced in post(s):
OllyStepNSearch


password-history-analysis: Program to analyze password history
password-history-analysis_v0_0_1.zip (https)
MD5: 2ED7FB5E6968B25AEBF623754E5513B0
SHA256: DA75A8E2C92DCD31FB3C05732C660C3996EAEBADFA198535C051DC02AE94805B
Referenced in post(s):
Password History Analysis


Paste: paste does the opposite of clip, read the clipboard and write it to stdout
Paste_V1_0_0_1.zip (https)
MD5: 2107C78DEA38EA98825BB686DB2291AD
SHA256: 329A0AA96E855219ACB99D7BC35F78CE552645F7829D1B475924F895BA614637
Referenced in post(s):
The Paste Command


pcap-rename: program to rename pcap files with a timestamp
pcap-rename_V0_0_1.zip (https)
MD5: 5F844411E178909970BC21349A629438
SHA256: AB706DB3470A915A3031EC248B8DAF83C08F42DBF6AC2EACB1A2DB2493B0AEEE
Referenced in post(s):
pcap-rename.py

pcap-rename_V0_0_2.zip (https)
MD5: 6EFFA5313946DEAF3363835B1D3C684E
SHA256: 3BA23CC936B49AF83306E486B0BFC9ABAF5BD0B5E3DEF81D8564BCC3810C06B9
Referenced in post(s):
Update: pcap-rename.py Version 0.0.2


pdf-parser: PDF analysis program
pdf-parser_V0_2_0.zip (https)
MD5: 973E57E5EA8706F92EB0D6BA46EE9EFD
SHA256: 637C95018653C406F0A3AF62E72D9BF396C4AC56A8189586EB59467BD364A7D6

pdf-parser_V0_3_0.zip (https)
MD5: DC34F3B9E0436BA985B53DD44BEEBFA6
SHA256: 9DB432CDEA25E3408E07C612FED8A8B245EF378DDC737914F04248953567A691

pdf-parser_V0_3_1.zip (https)
MD5: 07CDA54844CD6567473CBF2B0DFC601C
SHA256: 7614AEC453502EEF43F9EA04A82092C4ACDD32AB86D1C4D744B7B590C74152EC

pdf-parser_V0_3_5.zip (https)
MD5: 07EA2C47766ADF248102E378C65D03F3
SHA256: 5EAD0F9BE9693EF836CF67FF2B796324ED5E7053D34BF4FA588D250A7DA2E761
Referenced in post(s):
Update: pdf-parser Version 0.3.5

pdf-parser_V0_3_7.zip (https)
MD5: BDC0E5A82EB6D7C287E7360D8901023D
SHA256: C83D39F8938A00A3EB2BDE3134EFAF3A2BE11E72C2C8A92841D4E1E82366D7E1

pdf-parser_V0_3_9.zip (https)
MD5: 6C91F8D4E8EA8BEF6F60CEDA4E1CDEA0
SHA256: 9D4549B6A93BF83EA74A905E3271272EBCEC6B6329867F1C0FCB59920C3C3CB4

pdf-parser_V0_4_0.zip (https)
MD5: 9C2680974DCF11714F743F6C7885A7FA
SHA256: 0035C2304FC85B696EB7E9E64B19A4E1EAE25BA4719D5B0FF91D7D306981CEE4

pdf-parser_V0_4_1.zip (https)
MD5: A0314C0CD8AAE376C7448E74D4A7472C
SHA256: 633B7400015B2C936103CC64C37435FB333B0F2634B2A6CD3A8949EAB1D18E9B
Referenced in post(s):
Update: pdf-parser Version 0.4.1

pdf-parser_V0_4_2.zip (https)
MD5: B0C8F02358B386E7924DACB3059F8161
SHA256: E90620320AF6ED8E474B42BF6850E246446391878F87AE34DCDBD1D9945A6671
Referenced in post(s):
pdf-parser: Searching Inside Streams

pdf-parser_V0_4_3.zip (https)
MD5: 2220FFE37AEA36FC593AE33440385E76
SHA256: 1416624938359FDD375108D922350D1B7B0E41B3A40A48F778D6D72D8A405DE6
Referenced in post(s):
Update: pdf-parser V0.4.3

pdf-parser_V0_6_0.zip (https)
MD5: 25CC4907B862259500A3EB73DE83BBFD
SHA256: 8902ABE1A9BDB61887D501546CCF333724BCF7B3E3E02CE2541BC311AD8E98DF

pdf-parser_V0_6_2.zip (https)
MD5: D6717F1CA6B9DA2392E63F0DABF590DD
SHA256: 4DC0136062E9A5B6D84C74696005531609BD0299887B70DDFFAA19115BF2E746
Referenced in post(s):
pdf-parser: A Method To Manipulate PDFs Part 1

pdf-parser_V0_6_3.zip (https)
MD5: 62D1AFACA8C124FB2AC279F22C088BB3
SHA256: 339E8D18BE21BAD6B2B33BDD29721F32624F3D842087D3AE353C6F8D6B92D185

pdf-parser_V0_6_4.zip (https)
MD5: 47A4C70AA281E1E80A816371249DCBD6
SHA256: EC8E64E3A74FCCDB7828B8ECC07A2C33B701052D52C43C549115DDCD6F0F02FE
Referenced in post(s):
Update: pdf-parser Version 0.6.4

pdf-parser_V0_6_5.zip (https)
MD5: 7F0880EB8A954979CA0ADAB2087E1C55
SHA256: E7D2CCA12CC43D626C53873CFF0BC0CE2875330FD5DBC8FB23B07396382DCC85
Referenced in post(s):
Bugfix: pdf-parser Version 0.6.5

pdf-parser_V0_6_6.zip (https)
MD5: 47326468E1B5A1AF7BB8AD63688804D9
SHA256: 51C9B25B939B135D9949E51463F58ECEC0BEBEFB9C0EAA0B93326CBFB4D8F061
Referenced in post(s):
Update: pdf-parser Version 0.6.6

pdf-parser_V0_6_7.zip (https)
MD5: D04D7DA42F3263139BC2C7E7B2621C91
SHA256: ED863DE952A5096FF4BE0825110D2726BA1BE75A7A6717AF0E6A153B843E3B78
Referenced in post(s):
Update: pdf-parser Version 0.6.7

pdf-parser_V0_6_8.zip (https)
MD5: 7702EEA1C6173CB2E91AB88C5013FAF1
SHA256: 3424E6939E79CB597D32F405E2D75B2E42EF7629750D5DFB39927D5C132446EF
Referenced in post(s):
Update: pdf-parser.py Version 0.6.8

pdf-parser_V0_6_9.zip (https)
MD5: 27D65A96FEAF157360ACBBAAB9748D27
SHA256: 3F102595B9EAE5842A1B4723EF965344AE3AB01F90D85ECA96E9678A6C7092B7
Referenced in post(s):
Update: pdf-parser.py Version 0.6.9

pdf-parser_V0_7_0.zip (https)
MD5: CDE355BB3FCACE3C4EDBC762E632F9AB
SHA256: 219FF0BB729C4478679A79163CA9942296ACF49E4EC06D128CBC53FBEE25FF05
Referenced in post(s):
Update: pdf-parser.py Version 0.7.0

pdf-parser_V0_7_1.zip (https)
MD5: 1480D3BF602686C9E7C2FE82AC6C963B
SHA256: D2C8E0599A84127C36656AA2600F9668A3CB12EF306D28752D6D8AC436A89D1A
Referenced in post(s):
PDF Tools
Update: pdf-parser.py Version 0.7.1


pdfid: PDF triage program
pdfid_v0_0_10.zip (https)
MD5: A06B023457DACE24FDFBF537282E1A76
SHA256: 18D88B15C90504BE6A2FF2814BD15A7B20B945337252018A0072AEFD99D5AAC8

pdfid_v0_0_11.zip (https)
MD5: 99BFA4916EC5E005953E3D9D8AD96C83
SHA256: C831569C8139D5CA5709600B987C929716FE58B1DD6B65F18EC84473A83B4075

pdfid_v0_0_12.zip (https)
MD5: 628BB84D7A4FE1A32F23954DD067E667
SHA256: A10B3C0B9BFB467A2C4C2EE6C786CF5E98A7CAD32AC5BEA498DD9796031A77D5

pdfid_v0_0_2.zip (https)
MD5: 21093726A57F39E08A679A11B6616931
SHA256: C3B190DD5E07FCEA2954D5686096155B39B5CAB6A21C17DD0C8D1838CACD4ED3

pdfid_v0_0_6.zip (https)
MD5: CE809DAC132BA2BD1C74413F125C2A70
SHA256: 0DB423F0E01197977C676C14B5BDA2FBBC9840CDD86160716A43CED0F84753FE
Referenced in post(s):
Quickpost: Disarming a PDF File

pdfid_v0_0_7.zip (https)
MD5: 06DA1B6E621F373CBAF0F9514B3F433A
SHA256: 3AE403684F9EE141838C7CDAD674FCE06807C983C1078EC68EF94AF4A02823C0

pdfid_v0_0_8.zip (https)
MD5: 9769FB96899F3AD15510C903A4FB29EF
SHA256: 542734C2613439851AF99B59725B1607F96A6E9396B447C5BD3AF197AABB0231
Referenced in post(s):
Update: PDFiD Version 0.0.8

pdfid_v0_0_9.zip (https)
MD5: 1C731D6204C09AAFF219876A8FB5E834
SHA256: 24A9B16E67A84E85488A16879CB611128B2E5921044E48EFB60D784BD785CBD0

pdfid_v0_1_0.zip (https)
MD5: 6A5FF56C22EF2745C3D78C8FD8ACA01F
SHA256: D72FE8555DC89808EE7BFC9F791AD819A465106A95801C09C31B0FD2644B3977
Referenced in post(s):
Update: PDFiD Version 0.1.0

pdfid_v0_1_1.zip (https)
MD5: 069F0286A99AF03712DB2992B464833D
SHA256: 875CE564837D9B72BC3055A617795A96245D337CC20BEC235A2F6857F42C9114

pdfid_v0_1_2.zip (https)
MD5: 60FC17757201F014A6ADA0744B74A740
SHA256: 1CF36C50427A2206275C322A8C098CD96A844CAF6077B105ADE9B1974789856F
Referenced in post(s):
Update: PDFiD Version 0.1.2

pdfid_v0_2_0.zip (https)
MD5: D4D07B43961D548F428C5FF6236FD6DD
SHA256: 19ABC7F2B88A794A1718949020F88C80AAFA2DEC9D23891A1AF5EDF764AD1F40

pdfid_v0_2_1.zip (https)
MD5: 7463412536678B321276F8720F52DE81
SHA256: F1B4728DD2CE455B863B930E12C6DEC952CB95C0BB3D6924136A6E49ACA877C2
Referenced in post(s):
Update: PDFiD With Plugins Part 1

pdfid_v0_2_2.zip (https)
MD5: 20614B44D97D48813D867AA8F1C87D4E
SHA256: FBF668779A946C70E6C303417AFA91B1F8A672C0293F855EF85B0E347D3F3259
Referenced in post(s):
Update: pdfid.py Version 0.2.2

pdfid_v0_2_3.zip (https)
MD5: 65966E8BBF932D3C0830B755FDE094FE
SHA256: 9482176D173EFA6F2F33EE409B091BFA45685FC285B87F7219A4E9418B47F739
Referenced in post(s):
Update: pdfid.py Version 0.2.3

pdfid_v0_2_4.zip (https)
MD5: 36D5554BC881E7E21382ADA1305ED6F4
SHA256: C1DA287C9C06E3158F79CECF9C2E9A7773FC57FC92021F17B79DDD4B1E5DBB2A
Referenced in post(s):
Update: pdfid.py Version 0.2.4

pdfid_v0_2_5.zip (https)
MD5: 9B835D9E934A7AA7E68C3649A7AA5DAF
SHA256: 4DD43D7BDA885C5A579FC1F797E93A536E1DB5A4AB52A9337759A69D3B0250E0
Referenced in post(s):
PDF Tools
Update: PDFiD.py Version 0.2.5


PDFTemplate: 010 Editor Template for PDF file format
PDFTemplate.zip (https)
MD5: C124200C3317ACA9C17C2AE2579FCFEB
SHA256: 24C4FEAD2CABAD82EC336DDCFD404915E164D7B48FBA7BA1295E12BBAF8EB15D
Referenced in post(s):
PDF Tools


pecheck: wrapper for pefile
pecheck-v0_4_0.zip (https)
MD5: 27041C56B80B097436076B7366A6F3B2
SHA256: F9C73ED054AE4D5E9F495916D1B028FD8D6E9B2800DCE1993E568E2A2BFD9A71
Referenced in post(s):
Update: pecheck.py Version 0.4.0

pecheck-v0_5_0.zip (https)
MD5: B873F8B5F6D408E4026010F010EA5FC4
SHA256: 7FCE12A8B10BEFF0C991B652CEDE376C187E74F23C603BF1A9250C9E7756AB48
Referenced in post(s):
Update: pecheck.py Version 0.5.0

pecheck-v0_5_1.zip (https)
MD5: F045A67AC1ECCF129030DFCE316383A9
SHA256: 9F6EFD34455D530BD3A867FEDD40C1E9538E8B7299E538AAC73D936EDF9904EF
Referenced in post(s):
Update: pecheck.py Version 0.5.1

pecheck-v0_5_2.zip (https)
MD5: A4FF0507C206535FA9224F65CCD3497D
SHA256: DE4D06F00FD9EC74FD52689B711FBF10F953F14DAFACBDE214E0A4947E60D8A6
Referenced in post(s):
Update: pecheck.py Version 0.5.2

pecheck-v0_6_0.zip (https)
MD5: D3A9C71AAF63D83884B4FEF2C2C21D03
SHA256: 08DB82F190AEEB065A65FEE0DD03D20B0CC788878C4864B537BBD1807E4D6B71
Referenced in post(s):
Update: pecheck.py Version 0.6.0 – Overview Of Resources

pecheck-v0_7_0.zip (https)
MD5: 7BE550EC71BF99FC31704C2DD4ED3C8A
SHA256: 12C03369362045DF5A9AAB83002E59A4A31050EC008DF45F777C87186D611F6E
Referenced in post(s):
Update: pecheck.py Version 0.7.0

pecheck-v0_7_1.zip (https)
MD5: D5907442424C527A9937CFA65377C9BD
SHA256: BF2F162D108F17F350111645B8DFFE5D3641065CB6EE3CE318FCBEC83507917B
Referenced in post(s):
Update: pecheck.py Version 0.7.1

pecheck-v0_7_2.zip (https)
MD5: 2A501CD2D15E1108B909B7FCEDFBDA13
SHA256: 9CACA5A41A84049FE6B0D5807A31B7FC5B1A5AC71B3FD3BE4EAC71A96BBDFB3E
Referenced in post(s):
Update: pecheck.py Version 0.7.2

pecheck-v0_7_3.zip (https)
MD5: 480C9AC4BEE09CAAFB1593E214A39832
SHA256: 359A44751BAA34450B2DA92539AB425507EBB90F8F57CF50E561CCE111809637
Referenced in post(s):
Update: pecheck.py Version 0.7.3

pecheck-v0_7_4.zip (https)
MD5: E0F90B85576F7BC42BB8601E650134FB
SHA256: E011CD82F5E3244553FBA52DDF3F0D3076E88A6F35E50AA18AC0DAAC6ED91389
Referenced in post(s):
Update: pecheck.py Version 0.7.4

pecheck-v0_7_5.zip (https)
MD5: 62EC77D9DD51252F5E3E299574FF9395
SHA256: 983895B49A0B71A76E99568DC0D2D9B9AE6D3AFEAB7F7D22816EC718400DBB29

pecheck-v0_7_6.zip (https)
MD5: C07704E37FB1C18B769BB5336CD2478A
SHA256: 312E730F6DE784808B6E5BE355752803F281F7DC838E4B9C6B3FE924622F47F8
Referenced in post(s):
Update: pecheck.py Version 0.7.6

pecheck.zip (https)
MD5: EE42C8FF3C90B4F5466A9AEFD152156F
SHA256: 679690A1377617E9FEFF31F535A3CCBB3D951FFEBA697FBBD830D653D483AA65
Referenced in post(s):
Sampling a Malicious Site

pecheck_v0_3_0.zip (https)
MD5: C2AC9FED3C7F1787854C8D0E651B2591
SHA256: 3CDEBADA4C594DD3622E234747C6AABD41573C94087C0554CBA65D0472F6B413
Referenced in post(s):
pecheck.py


peid-userdb-to-yara-rules: Convert PeID userdb to YARA rules
peid-userdb-to-yara-rules_V0_0_1.zip (https)
MD5: D5B9B6FA7EC50A107A70419D30FEC9ED
SHA256: F8A12B5522B92AE7E3EDF11ACFAEEA7FDCC7FBDA8DC827D288A2D92B2B2CA5E2
Referenced in post(s):
Converting PEiD Signatures To YARA Rules

peid-userdb-to-yara-rules_V0_0_2.zip (https)
MD5: BE287BE1CB4EAFC360B1105C47F81819
SHA256: DC673DC90420F880EBDC8A0298410B3B8D90AFBCCE868A3E075DB5AAF898A188
Referenced in post(s):
Update: peid-userdb-to-yara-rules.py


PFTemplate: 010 Editor Template for PF file format
PFTemplate.zip (https)
MD5: 11F6BB8EC0D29CBCC7C2F269E9900AF0
SHA256: 4429380778C94E47427C1753BAF91E0D8AF78985AA9F3868CF3FC07456F7BAFA
Referenced in post(s):
Prefetch File 010 Template

PFTemplate_V0_0_2.zip (https)
MD5: 56A98A78BD4E8D1AED88385AF1DD8446
SHA256: E15D721E46FFB8158C6D14C9A38DE4E3DD5DCD0972896441DF17590C540DBCC3
Referenced in post(s):
Update: Prefetch File 010 Template


psurveil: Photo Surveillance for N800
psurveil-0.2.1-source.zip (https)
MD5: 0CFDCA784E15D45AB882BC5BB7E635ED
SHA256: 0A9132C7B4A72A1289652CC307F2C92B0DAD9BB43706CDEE90BCCA06440A0A60
Referenced in post(s):
Looking for N800 Beta Testers, No Voyeurs Please 😉

psurveil-0.2.1.zip (https)
MD5: 6B0E8C000EA4FF7EBAA4E50A07589EB5
SHA256: B399FBDCED4F3F1CC79782652D30A9A9CD96FCE5F3F948493A0929C7DE3318FD
Referenced in post(s):
Looking for N800 Beta Testers, No Voyeurs Please 😉


python-per-line: Program to evaluate a Python expression for each line in the provided text file(s)
python-per-line_V0_0_1.zip (https)
MD5: B7C1146D44D6B3F8B04C571E8C205191
SHA256: 6D7931B33F8A1D81539E892897D301145A63502A181B2B89A01466D599D53787
Referenced in post(s):
New Tool: python-per-line

python-per-line_V0_0_2.zip (https)
MD5: AB2377D366AB33992A535AF1EE489CBD
SHA256: 045F398FBCF6DDFF4A25B38007ADDF89B3256C21C8808B58FBC96855D55E6171
Referenced in post(s):
Update: python-per-line.py Version 0.0.2

python-per-line_V0_0_3.zip (https)
MD5: 40B787E184EBAAD91A9104BF1BF1BF1A
SHA256: 1D7CAE95B5EA169286E4B1528D834D814A474A86240B9975385968B2BADF59AB
Referenced in post(s):
Update: python-per-line version 0.0.3

python-per-line_V0_0_4.zip (https)
MD5: FE8E875E2A7B8CD89FCAAB3B5830206C
SHA256: 7A6DACBAFC13DDE164F2AAB49DA766613F23BE78FF9BCAF5392EEA01F71620D0
Referenced in post(s):
Update: python-per-line.py Version 0.0.4

python-per-line_V0_0_5.zip (https)
MD5: 1CED1F84FD44E64BF448558BA02E0978
SHA256: 8E6845006BD3463135CE7AA0AA05FA596AC10E6E2ACC4B45C5909B624A20D6A5
Referenced in post(s):
Update: python-per-line.py Version 0.0.5

python-per-line_V0_0_6.zip (https)
MD5: FDA3365E2DC54EF65B2E8F6EE8D0DB9E
SHA256: E7496229BF64B2772AF5C49E4BC065281F06043192453E96A783808F6F3E61D1
Referenced in post(s):
Update: python-per-line.py Version 0.0.6


python-templates_V0_0_1.zip (https)
MD5: 99E9D87681470F1BAE020B68F2853F49
SHA256: 2CA24AD6928FA2FE2DE894FEFBD1B41238B723D46ADED4064D26374A805BA1C4
Referenced in post(s):
Release: Python Tool Templates


re-search: Program to use Python’s re.findall on files
re-search_V0_0_1.zip (https)
MD5: 5700D814CE5DD5B47F9C09CD819256BD
SHA256: 8CCF0117444A2F28BAEA6281200805A07445E9A061D301CC385965F3D0E8B1AF
Referenced in post(s):
Extracting Dyre Configuration From A Process Dump

re-search_V0_0_10.zip (https)
MD5: A4A22FBA70990B57C811DD290C6F0DAA
SHA256: BF5084E4CE7A528AB2701D5AAA6C7366A3A43B8768C712263133A6E302569E86
Referenced in post(s):
Update: re-search.py Version 0.0.10

re-search_V0_0_11.zip (https)
MD5: 72F160A83E214351162704EB4B94EB9E
SHA256: 624E2864738008F6A63CC4E3F7B5FCB3738389DBC7E6EF29BC8C2F749ABAD9DE
Referenced in post(s):
Update: re-search.py Version 0.0.11

re-search_V0_0_12.zip (https)
MD5: 8CA8D767BDB126B097E41F0D4B1F197B
SHA256: 69752CF9862FC4EC29DD96289A21D1C8C82FB4C3C3083BE622C169BA658F0A40
Referenced in post(s):
Update: re-search.py Version 0.0.12

re-search_V0_0_13.zip (https)
MD5: 241464482856756FF1C0C2386AF84CD5
SHA256: 9409EC639C4C6E988ADFC2401CA89200712BE171894D214B56E4ACC84C32E489
Referenced in post(s):
Update: re-search.py Version 0.0.13

re-search_V0_0_2.zip (https)
MD5: FC921EAF48774B6E113FAE76867B69E1
SHA256: B07BF53FE476E6FC4D5B568BA2B0B70DD3BC037478A2CBF3A08A1AA6CCDD402C
Referenced in post(s):
Update: re-search Version 0.0.2

re-search_V0_0_3.zip (https)
MD5: 6C4F59C4BA5DAC1D16D3E09D1E333FD0
SHA256: BFB019F1350F7D63FB3704322F62894A4B17D8EE03CC186156F2A97045E47F58
Referenced in post(s):
Update: re-search.py Version 0.0.3

re-search_V0_0_4.zip (https)
MD5: 965C484CC5BF447B390BA4E176698972
SHA256: D2F3A52F7590CD38E796B6F6209FC87A1BD6451F1787010557FA39E25AFDBC2F
Referenced in post(s):
Update: re-search.py Version 0.0.4

re-search_V0_0_5.zip (https)
MD5: A03CBBA9F2C5900A368BC064D3CC3D00
SHA256: 940B12CA8E3ADCC0266BC788B5A7AE2C830115BDB9FC04C3A7A178FDD7D44F02
Referenced in post(s):
Update: re_search.py Version 0.0.5

re-search_V0_0_6.zip (https)
MD5: 0FFBDC31D2257BA85251F9C54D0804A1
SHA256: E05008772AB3C97478749FE383E04155466D6DF6BF22E1BBDC5A6B8B6BB3E0C8

re-search_V0_0_7.zip (https)
MD5: 38EBBC6B45476AA2FB03DC9604D2F7EE
SHA256: 7BE3B986126C3E40A886A66A08EA360EEE01A29F064F2D3235A1311C4FB4E45E
Referenced in post(s):
Update: re_search.py Version 0.0.7

re-search_V0_0_8.zip (https)
MD5: D4895B54268683BFBE0126D02B01A4A2
SHA256: 85919EB964FF9CF0EDE7DA64E9BCE6619480DAC71D0CB65B5EE667322B18DDBB
Referenced in post(s):
Update: re-search.py Version 0.0.8

re-search_V0_0_9.zip (https)
MD5: E9BC3AFF3FA3D6ED0F14EC4941955C2D
SHA256: 4AA92E513A478D02DD12110D3759FFCB2996A3E8A5D2D812124922C5023C3B50
Referenced in post(s):
Update: re-search.py Version 0.0.9


regedit-dll: ReactOS regedit.exe transformed into a dll
regedit-dll_v0_0_1.zip (https)
MD5: A736AE075FE12656D4A8DB7421AB035B
SHA256: 8392D6C814670F7198BFFF9741F4589D806FFF1C89A964AD14C9DA4047F45C6F
Referenced in post(s):
Excel with cmd.dll & regedit.dll


RegistryScanner-beta.zip (https)
MD5: 5D05A681A5F3C51B61EE1D73BF76286B
SHA256: 6117206A039DA6248167506EA7AC42262F2AF58D2864EF11AEF433C77397D5FF


rtfdump: Analyze RTF files
rtfdump_V0_0_2.zip (https)
MD5: 368CCACC556E283D5E1759ED5E164BFF
SHA256: DA9B0AB231B1ADBC1083FC0F915A789EF19A5F7540C317CFA80BF3DE038C7952
Referenced in post(s):
Releasing rtfdump.py

rtfdump_V0_0_3.zip (https)
MD5: 59DC23EE55F76C065A2A718DDFDB0E4E
SHA256: 46F9D768C6976AD5D4018EFDFD35DAE4212FEAE57871434A33CAEF028CB4CBA2
Referenced in post(s):
rtfdump: Update And Videos

rtfdump_V0_0_4.zip (https)
MD5: C384FD5356DA4E2129E44903BA20966A
SHA256: 0B73AB16577BDB1DC0B1431013E28893004DD563DD4C4D00BA1D20B1DBAED917
Referenced in post(s):
Update: rtfdump Version 0.0.4

rtfdump_V0_0_5.zip (https)
MD5: 14475C70D992FB72306D5F83815DDE19
SHA256: A26A60536509BA7CF55FF1876E8BC3A6DBA43F1EF8841F159D55411FD11B5078
Referenced in post(s):
Update: rtfdump.py Version 0.0.5

rtfdump_V0_0_6.zip (https)
MD5: B4F9264F2431322F52BAAB834A5A144D
SHA256: C15918E89313D03F01BC8A3BCB68376B6E21558567BDFD81889F48196DC80986
Referenced in post(s):
Update: rtfdump.py Version 0.0.6

rtfdump_V0_0_7.zip (https)
MD5: 59F86BA57D67CB78B9D863AFEA710709
SHA256: 1A8EDD4F73F020F44B0AAB39FC3A1C313C81BF8A1E031A76D8B8C85E34116DD6
Referenced in post(s):
Update: rtfdump.py Version 0.0.7

rtfdump_V0_0_8.zip (https)
MD5: 5EB2E1CBD0EFFF14BC4EEC43A10B1A84
SHA256: 6B9AD22FD55D28A1CFCD5660E4200F38152601DE74DC2566B1749AD7A334B328

rtfdump_V0_0_9.zip (https)
MD5: 26BE358EC8D42BB7532B6C0C1EBAD1F2
SHA256: 3F6410AC7880116CDDE4480367D3F5AA534CCA3047B75FEA0F4BA1F5EAA97B07
Referenced in post(s):
Update: rtfdump.py Version 0.0.9


RTStego: Rainbow table steganography
RTStego.zip (https)
MD5: 8DE76B0E81314CF8614678621CB7D162
SHA256: E8E8AA7A397E576D2BEB761B045D974D4D25E22AC6E3680154940A586AFEB91F

rtstego2.zip (https)
MD5: E8C7CBDD6B5C2FF56A2BDC3B04401AFB
SHA256: 31CBEFDCB5C865E9AE243BC1C0261DD08CF1FFABE792AEAA9DE9F903E9CAECA9
Referenced in post(s):
Hiding Inside a Rainbow, Part 3


runasil: Launches program with a low integrity level
runasil_V0_0_0_1.zip (https)
MD5: 5B8CE64715903DD7EEF4AF3B89E6E6FD
SHA256: 15841A9D9985E626C5B70B4BC3B2BF2CD68C38102B6BB1D92BA352D19F5C8A65
Referenced in post(s):
Runasil


RunInsideLimitedJob: Start program and run it inside a limited job
RunInsideLimitedJob-DLL64_V0_0_0_1.zip (https)
MD5: A6048613CE00C9F401A8AC7943A451E3
SHA256: 279F6BE0EB124814D37A5E70F2D906B1756B27CDDC7E7AEA40B2B42B39C0CFCA
Referenced in post(s):
RunInsideLimitedJob 64-bit

RunInsideLimitedJob_V0_0_0_1.zip (https)
MD5: 90055BA2928D06EC7A883DEF6E7F37C6
SHA256: EF88A2963436F5893727A90413CE624B473352190E936E35EEF85E246655486D
Referenced in post(s):
RunInsideLimitedJob


SE_ASLR: Force ASLR on Windows Explorer Shell Extensions
SE_ASLR_V0_0_0_1.zip (https)
MD5: 9D6AE1A96D554AEE527EB802FE59FB20
SHA256: 8A6C1406A757CD9788A2630D76A497E2C058333EE4D44CA0B85B2A05A39F257E
Referenced in post(s):
Force “ASLR” on Shell Extensions

SE_ASLR_V0_0_0_2.zip (https)
MD5: C835D1DDB64A68A1CD48CCF87AE03D18
SHA256: 1560BEE96CFC956A5E8954FEFD92ED227293418B19FE6B06D4ED703B6C50F4AC
Referenced in post(s):
Update: SE_ASLR Version 0.0.0.2


search-and-replace-with-wildcards: 010 Editor Script for search and replace with wildcards
search-and-replace-with-wildcards_v0_0_1.zip (https)
MD5: 7D620E8BEFFD4ED5563D9944C9B0B859
SHA256: B7F074304660A8DBF7AB2261D8619FFFFD461EFB5EE4C6E42880C87A3C1A4AB7
Referenced in post(s):
search-and-replace-with-wildcards.1sc


SelectMyParent: Launch a program and select its parent
SelectMyParent_v0_0_0_1.zip (https)
MD5: AF327175764886FB41304F7BC157FC58
SHA256: 16F40EB7996BAC1084DA366B1CF89ADA40093099373DB1FDBAE81CDCA5D2B560
Referenced in post(s):
Quickpost: SelectMyParent or Playing With the Windows Process Tree


SendtoCLI: GUI tool for CLI commands
SendtoCLIBeta.zip (https)
MD5: F672206A863642E2706A328ECCC18AE2
SHA256: 3EAB27C2496233816AD76E0EB0E35D274D4C711D7EFF8AE236BF0154DE55A423


setdllcharacteristics: Tool to set DEP, ASLR, … flags of a Windows executable
setdllcharacteristics_v0_0_0_1.zip (https)
MD5: F96358BF90AA4D8C6B32968B2068BFCB
SHA256: 5A9D3815F317C7C0FF7737F271CE0C60BE2CB0F4168C5EA5AD8CEF84AD718577
Referenced in post(s):
setdllcharacteristics


sets: Set operations on 2 files: union, intersection, subtraction, exclusive or
sets_V0_0_1.zip (https)
MD5: DF0AE1EF67B4BA04750A39EF7FAEE09C
SHA256: A5FF61610AD67CA0638E53A10DD083612C2F5BF42218DD2393AFD20035E89B9F
Referenced in post(s):
New Tool: sets.py

sets_V0_0_2.zip (https)
MD5: F744A900D3EBF7A0D0927F5244FA65F9
SHA256: B205B766D0FB4D12DD334BD6CD20748E14EF1136D545F7EFBB5CEAC6B3F0D942
Referenced in post(s):
Update: sets.py Version 0.0.2


shellcode2vba: Convert shellcode to VBA
shellcode2vba_v0_3.zip (https)
MD5: 44AF2685975346F9DE09E48E7FB855CE
SHA256: 04C42FA26717CCC7BC17A7BEDA02C746CA1A8BC8C6CE184670CD686796B5FF10
Referenced in post(s):
shellcode2vba

shellcode2vba_v0_4.zip (https)
MD5: DA1580DEF5B5CFF08ACF5FA921AF0822
SHA256: BDC0A5EC3E918B3DA27C392E1B2F909B7BDAD319C43A4250689DD38C81FF876F
Referenced in post(s):
Update: shellcode2vba.py Version 0.4

shellcode2vba_v0_5.zip (https)
MD5: BAD6684A6887F9E90FF755609B4CA2D5
SHA256: C403CD8196593F2ADD6BED40E9E7A14E49DB48909788DE8BB27A95D71E58A13A
Referenced in post(s):
Update: shellcode2vba.py Version 0.5


shellcode2vbscript: Convert shellcode to VBA
shellcode2vbscript_v0_1.zip (https)
MD5: AAB0431127C657C9A3EF67E1C73E6711
SHA256: D1CDDAFCB734EC3F35E558DECFF2EDB73DC0C394936814B602B605F09DE4A5E5
Referenced in post(s):
Shellcode 2 VBScript


ShellCodeLibLoader: ShellCode With a C-Compiler
ShellCodeLibLoader_v0_0_1.zip (https)
MD5: F6D4779097A8A11C412BDD47B7B1C8AE
SHA256: 3294A4322926476562AF34A80B8155638EFEEF38E401E69D6DB9BBB652C3EB58
Referenced in post(s):
Shellcode


ShellCodeMemoryModule: Generates DLL-loading shellcode from memory
ShellCodeMemoryModule_V0_0_0_1.zip (https)
MD5: CEABB3A8A9A4A507BA19C52EE2CC5DA9
SHA256: 284344C909E623B0406BB38A67F5A7A1AEE2473721244EED52CCEBB8846B0500
Referenced in post(s):
Shellcode


shift: 010 Editor Script to shift bytes in a file or selection
shift_v0_0_1.zip (https)
MD5: 0E98DD182D12839FD86A30E696414E0A
SHA256: 07D849E9E898AFA705E57474FADFF001C9CAF9DB1D51AD8C9EB7E9A2A765D714
Referenced in post(s):
shift.1sc


simple-shellcode-generator: Python program to generate 32-bit shellcode (assembler code)
simple-shellcode-generator_V0_0_1.zip (https)
MD5: 3A6D00C6EBC1F20589C952817174653E
SHA256: FEFD4059810DA7855CC3CBC6A198FD75607C4F7B7B2F71817689E1520B454C58
Referenced in post(s):
simple-shellcode-generator.py


SimpleEncoder: 010 Editor Script to encode current selection by shifting characters
SimpleEncoder_V1_0.zip (https)
MD5: 02C7BA20D8BF9EB965B3957BE8D26094
SHA256: 7C98B404F49F5E22A8A052AB4E100BF4ABCE37F39518293FC697D21C1D36A4F3
Referenced in post(s):
New Tool: SimpleEncoder


snort-rules-V0_0_1.zip (https)
MD5: 526AAC1CE1E8576633498223DFA07E3D
SHA256: 7694E4E884E12068BC2A32714D3B0C48060B12C80E4093AFB6B1563E2EDA5E8D
Referenced in post(s):
Detecting Network Traffic from Metasploit’s Meterpreter Reverse HTTP Module


split: Split a text file into X number of files (2 by default)
split_V0_0_1.zip (https)
MD5: 49C0A77DA89376541073D09E010F7375
SHA256: 09D50C104AA4A32D963EB4254F48520ADB94A43BFF08FF68F8ADBA3C0ECC896A
Referenced in post(s):
split.py


ssltest.zip (https)
MD5: 1B50D6A10637BB6472ED541733BBE68D
SHA256: DA744643CF06645DA9C27A7DD62853E15123D7481AE5D6776E6393A6312847E1
Referenced in post(s):
Heartbleed: Testing From a Cisco IOS Router – ssltest.tcl


strings: Strings command in Python
strings_V0_0_3.zip (https)
MD5: DE008589A0B4B3C33B52BE3A171EB14D
SHA256: 9EBA69933B44DF41F4B51EE45B510E15FA85BCB38AD4CE45C863E8BBDAFED489
Referenced in post(s):
Release: strings.py


Suspender: DLL that suspends its host process
Suspender_V0_0_0_3.zip (https)
MD5: C87FCAB2586C6154B58FB0F95FBB1FBE
SHA256: 56D0C641569E99AC31C7590DE513025E21166747565B73C5EBE34346616FFB2F
Referenced in post(s):
Suspender.dll

Suspender_V0_0_0_4.zip (https)
MD5: 629255337FE0CA9F631B1A7177D158F0
SHA256: 8E63152620541314926878D01469E2E922298C147740BDEAF7FC6B70EB9305EF
Referenced in post(s):
Update: Suspender V0.0.0.4


TaskManager: Windows Task Manager written in Excel/VBA
TaskManager_V0_0_1.zip (https)
MD5: A0A7584C83F4DD85F57F8511E332893B
SHA256: A0A128DA6297968CB2F434628AD4F045E14EBDC8AE3B05DD3D0F21CC954C13CE
Referenced in post(s):
TaskManager.xls

TaskManager_V0_0_3.zip (https)
MD5: BF40B4317C7E04E1F65B8CEE55ED3A7A
SHA256: 0D48C2E6986F1DD8FA3A0671A1A53F0FC489923701963031FDC4FA516603EEC1
Referenced in post(s):
Update: TaskManager.xls Version 0.0.3

TaskManager_V0_1_0.zip (https)
MD5: 5ED2AB6036CA94FAC7DEE5352718D07C
SHA256: EBCF4832C4DBAB0AFE778E19423EBB56CA4644DA1FDB5B2EB1BB4C27A26DB18C
Referenced in post(s):
TaskManager Runs on 64-bit Excel

TaskManager_V0_1_1.zip (https)
MD5: 57D0ED69E034872DE7DF217DD491B732
SHA256: 08FD64B90E34150BD48A54904F04905D84249E7042BF31E6A5AA642B2B855D91
Referenced in post(s):
Signed TaskManager

TaskManager_V0_1_2.zip (https)
MD5: DEDB20DA6EE1A622DD3C234D07F5FE08
SHA256: 23EC10C7206BA43B56EF185E7C18EF528FD551FC0B34FFF9E4E183C37A114FF8
Referenced in post(s):
Update: TaskManager.xls V0.1.2

TaskManager_V0_1_3.zip (https)
MD5: 38DED14A7A468923C3552A6135CC570C
SHA256: CABD1F73C8D069A85EA439D7AFF736723B5759A6ED929FB3F21A4ADD3D0605BC
Referenced in post(s):
Update: TaskManager.xls V0.1.3 Killer Shellcode

TaskManager_V0_1_4.zip (https)
MD5: FBB30486CF0E7A1BEB7342EF4672DE52
SHA256: 30779E09B5B0D1D1AFE9C33B12EDD0982E775A9FA0B0D2A1189835004750FB5F
Referenced in post(s):
Update & Split: TaskManager.xls Version 0.1.4

TaskManagerSC_V0_1_4.zip (https)
MD5: 61C6657B2E36F3240A67960BCA413E56
SHA256: FAAB1044318A1EB6FEA09109ABDD982CDFFAEE54DC1C81D3416CC2A69DEEEC70
Referenced in post(s):
Update & Split: TaskManager.xls Version 0.1.4


TestIntegrityCheckFlag: Test program for Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag blogpost
TestIntegrityCheckFlag.zip (https)
MD5: 7F6E9A0B0440BE80F2287AE4C30A5176
SHA256: 2E60E121C5AE9AFDAA7595E0A2177D65A1F08D39ADA4F1E14605749DEE22B3CE
Referenced in post(s):
Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag


translate: Python script to perform bitwise operations on files (like XOR, ROL/ROR, …)
translate.zip (https)
MD5: B76FF05E3CB8015F716AC6BF0111BC5A
SHA256: F715854D5C0C7E280515B0A3496B8020C4170288BFA9930FDE58C380F2FB6670

translate_v2_0_0.zip (https)
MD5: 31739EEE90E303A8DA5A995344BA6F5B
SHA256: CFB11380C4193E91D7843F195D9EA086A59829F9CF3DF4016C12ACE8378B052C

translate_v2_1_0.zip (https)
MD5: AF8B1FB7A48AFC519F7656763A95980C
SHA256: 6C65ABE811263E1F687DEDB0A1064C141FFEEA5105BE3C925972BC0B9CE73FC0
Referenced in post(s):
Update: translate.py V2.1.0

translate_v2_2_0.zip (https)
MD5: D561D9987A3E5264E40A4B5C4057A732
SHA256: BC532BD5C7DD86DCADDF7B7B9A34453E983E226E103E0591E7D480BB43C350E0
Referenced in post(s):
Update: translate.py Version 2.2.0 for Locky JavaScript Deobfuscation

translate_v2_3_0.zip (https)
MD5: 3C21675A2792DCBAF2EB0222C3D14450
SHA256: B51D4D47213AE7E79E3C9D157F5FC8E26C41AB9A5F3A26CD589F588C03910F2A
Referenced in post(s):
Update translate.py Version 2.3.0

translate_v2_3_1.zip (https)
MD5: A3C30A3534DC96B28C1C18B425E2A82D
SHA256: BBD24406BC3038620807E8C4116B325BE6124BE92D041173A8E4BAB56D06C7E2
Referenced in post(s):
Update: translate.py Version 2.3.1

translate_v2_4_0.zip (https)
MD5: B33830C68D8A8A7534AF178243658E70
SHA256: A01AB10FCE42664869C4E31DB1AB2E1E0237172D0AE9685549A09BF866D7F885
Referenced in post(s):
Update: translate.py Version 2.4.0

translate_v2_5_0.zip (https)
MD5: 768F895537F977EF858B4D82E0E4387C
SHA256: 5451BF8A58A04547BF1D328FC09EE8B5595C1247518115F439FC720A3436519F
Referenced in post(s):
Update: translate.py Version 2.5.0

translate_v2_5_1.zip (https)
MD5: A73F9E76A3471C5DD48BBC69AA52EF90
SHA256: 9E47D27A6509EFD210F6F23DC19D644E61DEAEF82466254185B4DD9931B9029F

translate_v2_5_2.zip (https)
MD5: 1499C7D9C03928F2CE90BAA813A982DA
SHA256: 34451966781CA9821CD66AEF54379A3B47576CD4FCE8CBEFD9EFA3DA06E49CE9
Referenced in post(s):
Update: translate.py Version 2.5.2

translate_v2_5_3.zip (https)
MD5: F3C01FCA74A84F1712BAF187E9FE479F
SHA256: 4CA311456EDE5A43097D4E567F225CFF2A68D47B96A261FC935F2A0F1CD4EB0F
Referenced in post(s):
Update: translate.py Version 2.5.3

translate_v2_5_4.zip (https)
MD5: C07B37F7AFA0386315843E6A493721C1
SHA256: A2203C643FC8BC64A98DCA3EE1F9444BE16F5D5C2036AC0200A6BA657786C5EC
Referenced in post(s):
Update: translate.py Version 2.5.4

translate_v2_5_5.zip (https)
MD5: 0BBB0E7E569BCB08D5A9278C974A3EE6
SHA256: 78E0BAC87DF47D06BB9C351FBF3CA623EE10B3993E071E7C9A0C9C4DB0FFF1D4
Referenced in post(s):
Update: translate.py Version 2.5.5

translate_v2_5_6.zip (https)
MD5: 9615167810202129C0CFC3D5125CC354
SHA256: F926E474B966790A1077B76C029F912100128C4F1CE848781C14DF4B628395D7
Referenced in post(s):
Translate
Update: translate.py Version 2.5.6


ultraedit_scripts: Collection of UltraEdit scripts
ultraedit_scripts_v0_0_1.zip (https)
MD5: C218BF518291499600B7B769AD3D14EE
SHA256: CE8FAFF9F7708B6CF596EE455735656F902C5DC99A47EB8AA35F217E6E03656C
Referenced in post(s):
UltraEdit Scripts

ultraedit_scripts_v0_0_2.zip (https)
MD5: 41AAAFEE0A7E5BAC98B754A57222C656
SHA256: 3977077CF09219E303A8F2E8FD8F6BD7784889EAA5EBBD502D3E84ACE195264B


UndeletableSafebootKey: Tool to generate an undeletable Safeboot registry key
UndeletableSafebootKey_V0_0_0_1.zip (https)
MD5: 2FAC291AD547657E31B157B8581D4601
SHA256: 7A1E42A57BBF8E804491318671AE992947C82DCC9C2001E3033B45E4AEAB2DDE
Referenced in post(s):
The Undeletable SafeBoot Key


USBVirusScan: Launch a program, like an AV scanner, each time USB removable storage is plugged-in
USBVirusScan_V1_0_0.zip (https)
MD5: CAC7ACD6F91C35BD5A4FBD9C3CFE92EC
SHA256: BBF6A971D55FF6A5A410C29E0A65E6D53F14F607C528BEDB39C14B90CB0C0CCE
Referenced in post(s):
USBVirusScan

USBVirusScan_V1_1_0.zip (https)
MD5: AEC062146B3CF589DDE43FB912A5C6C2
SHA256: 2DDA12E79B05762A8512F27CA2D706E0807BD3542ED6D9D05BE202B764739E5E

USBVirusScan_V1_2_0.zip (https)
MD5: 9E9BAD87B7A16A16597A6EAB6735DB11
SHA256: 629193F33D52281CC073CAAEE0BD77D42CE0863A1E92618636F3DE9A490443F7

USBVirusScan_V1_3_0.zip (https)
MD5: 603F5716EFA4AED4E874353767D32B79
SHA256: 88357BABAE2B19B37EA7C59E56A0230F0F88729DC9A709542538669856411C19

USBVirusScan_V1_4_0.zip (https)
MD5: DB12C83F3ABB8BF56AA21B34E36302B2
SHA256: FC0B850E8F7B5BAED18D10CC09290BBD6FE4E23437C4BE8BD2FE24B9FC7FDBCE

USBVirusScan_V1_5_0.zip (https)
MD5: 93CA837B23F8428CB7C6E93A5B0658EC
SHA256: 5BD2CAEC35FC6B58DF84C79AFEF62E8B8A3BF6F39E2674DCA795E40C61B193A7

USBVirusScan_V1_6_1.zip (https)
MD5: 66F4B177F43ACA511B39E06F3D9EBE84
SHA256: 4618247B522294CF0D6543006892E687A2E1E42C1481648EA829B88E1F58698E

USBVirusScan_V1_7_0.zip (https)
MD5: 84FCDF8FF85378425A3E3F532B7E62F7
SHA256: 26C7C9346AA3B5EB90BE4962CA7CC1EAA39902528D4C954290EBA36DC3122180

USBVirusScan_V1_7_1.zip (https)
MD5: A1BB3B6B92F435F12EB0C1AADA39A401
SHA256: BC79AEDB98A4DBA0AABC13C1448BF2D44B911C6AACC91CC7E1C3CF66656ABFCB

USBVirusScan_V1_7_2.zip (https)
MD5: BDEF7BAE13C10B2B6CD650A89FD910ED
SHA256: 0090C73D6A3725E75C3388387A7A9E869C5D6BEA83E0D4D612E1CB25458163F3
Referenced in post(s):
Update: USBVirusScan 1.7.2

USBVirusScan_V1_7_3.zip (https)
MD5: 82A6A55D377D4DD5A200392C4117E39C
SHA256: 13C1FE0DF02D600352A329D4866F76AF60BD837F50930013D2D98D5781348621

USBVirusScan_V1_7_4.zip (https)
MD5: D6893EBD33FFD13C08C32B05DCD534C9
SHA256: C8187C36CBF0F46AD2D999F4EA32E9E18EE05BE9A16D9589C12E3BF91DF0FB30

USBVirusScan_V1_7_5.zip (https)
MD5: 614F200C34C56C4E9FF44506B2776633
SHA256: F5525276A647747336106683D2E7DD17CDDF0E8D6580D15C0299931215954CCA
Referenced in post(s):
USBVirusScan


UserAssist: Decode the UserAssist registry data
UserAssist.cab (https)
MD5: DE9D576C0F5FF8D33E039A5064BD8AFF
SHA256: C2417FDA1FE76B12D54366941CB2765AB7825F78AEDF0221C20B262010EAF2CF
Referenced in post(s):
A Windows Live CD plugin for my UserAssist utility

UserAssist_V2_3_0.zip (https)
MD5: DAB8BC639839A0CC5328BFE83B1105E6
SHA256: 887227ECBA99AE6D35FADDD549755DFF77A76C9AD24AEE806188D441B4A0C53A

UserAssist_V2_4_0.zip (https)
MD5: 3DA55E23088F07641914E55099913FD4
SHA256: FD10329BE02AFE504C1407EA5A7E28982BBC81C135FBF2208A1DA1DC66BFA3BD

UserAssist_V2_4_1.zip (https)
MD5: 306AE2A04B4B81EAEDE7FD37FDDBB9A5
SHA256: 1FE21D7F77D82B624BB41CB34BE8B7341BC267292DFD6F2DAB9B4A1D2B0D2539

UserAssist_V2_4_2.zip (https)
MD5: C576E0A3F3C1999640D20C03AF815578
SHA256: B314140BEC313A227EF229F94BFE1ACA3D7308D29D7814439E51B3EBD571D1B4

UserAssist_V2_4_3.zip (https)
MD5: A5244C7F83E0DE70600E27F5D3B8AD7D
SHA256: 7E2D107BE84FBBF7E79F1BD11703401A374B5138B2F77E4FF8AFE1A3E749CCDA
Referenced in post(s):
Update: UserAssist Tool Version 2.4.3

UserAssist_V2_6_0.zip (https)
MD5: 04107FE15FC676B7A701760C9C6D2F81
SHA256: F6F73F4E00905A7727ED4136DE875DD1FBCF4B90FFEE4B93D4A46E58C0314D45
Referenced in post(s):
UserAssist
UserAssist Windows 2000 Thru Windows 8

UserAssistWindows7LaunchParty.zip (https)
MD5: 2921432E1DC65C3A4D12F738372A02BE
SHA256: EB7ED7052F194B19B73E697467A1FE25D1DDF1D58F16CED60EC711EC97797667
Referenced in post(s):
A Windows 7 Launch Party Trick!


virtualwill: HTML program to store your will
virtualwill.html (https)
MD5: C5DA37020D74F96F4D3762C9557CD15C
SHA256: 59789A484F46072CE23C57005B81F487901DA6F2B5C80B018DE6C25A07EE26C0
Referenced in post(s):
The Ultimate Disaster Recovery Plan


VirusAlert: C# PoC program that monitors the event log for virus alerts and displays customized messages for the user
VirusAlert.zip (https)
MD5: 2812C7377C9A6D185DE2F3D0B004FCC9
SHA256: 20255CEBC3341F4E28C5ABC75D388291CB5DD270109A04F35B95F5140E170BD2
Referenced in post(s):
Customized Anti-Virus alert messages


virustotal-search: Search VirusTotal for provided hashes
virustotal-search_V0_0_1.zip (https)
MD5: 0F3A1E18C79DFDB143CCC2F860E2C4B2
SHA256: BD213BBC55A9048DBB7B890209E2831EF81049B45ABE9091E01F0692F4F23283

virustotal-search_V0_0_2.zip (https)
MD5: 0D3C70213DD59CC935ED999A038237D6
SHA256: 83DBC2428901CA2AE308D6A2863EB3B0FDC170C3F0801FC755FF4EA7AAE5ADE1
Referenced in post(s):
Searching With VirusTotal

virustotal-search_V0_0_3.zip (https)
MD5: 89D48483B8CF48A11A26314CC3A7631C
SHA256: A66A264A772CB9AEE356E1CF902E93FCA8CDE77233A09DB4999BCF15FA45EDF9
Referenced in post(s):
Update: virustotal-search

virustotal-search_V0_0_8.zip (https)
MD5: 011C88A9C9026A32DA473187A64E880C
SHA256: 30711202BB0CD01A17AFA7BB8BBFE1545B6A840BDB91D83C7753300EF7E71A8F
Referenced in post(s):
VirusTotal: Searching And Submitting

virustotal-search_V0_0_9.zip (https)
MD5: FECD02796889CDFE9FA67287F2DE567C
SHA256: 0CE06CBAFC6341835EB8A62377F5C4EB067747EE28E7ED8BB25FD69A4B99FA97
Referenced in post(s):
Update: virustotal-search.py

virustotal-search_V0_1_0.zip (https)
MD5: 0141D3677F759317034C416EBF9FF30D
SHA256: FE07859C3FA09DA120D3104FF982AF0D78ADFCF099A10E46E254823502DF4EE4
Referenced in post(s):
4 Times Faster virustotal-search.py

virustotal-search_V0_1_1.zip (https)
MD5: 67571F6926D0D652FD5E39019A503DB5
SHA256: E576E67AB3F91625942B93B106E94EFEFE769B4F19A3CD8BA1E1D506786F658F

virustotal-search_V0_1_2.zip (https)
MD5: 62C8031738E6E20FEC38337010496DF6
SHA256: 317AF862A62CF78FC58604EDB77AA3C00EC1543D2337EC634749C25CC5E4908C
Referenced in post(s):
Update: virustotal-search Version 0.1.2 Daily Quota Handling and CVEs

virustotal-search_V0_1_3.zip (https)
MD5: 6D93F6CCE56AA74C830D66F9AE2E88C0
SHA256: 09D3BA6BCE1A69E8292AD0D44FB216FBCBF5686EA3C64DCD5FC877E91D4141F4
Referenced in post(s):
Update: virustotal-search.py Version 0.1.3

virustotal-search_V0_1_4.zip (https)
MD5: 867D6272792965D11317BFB6308E20A9
SHA256: 8C033B3C46767590C54C191AEEDC0162B3B8CCDE0D7B75841A6552CA9DE76044
Referenced in post(s):
VirusTotal Tools
Update: virustotal-search.py Version 0.1.4


virustotal-submit: Submit files to VirusTotal for scanning
virustotal-submit_V0_0_1.zip (https)
MD5: 8793C3276822DDE36BA0804D3390AD4D
SHA256: F17B9EEC408833039AE63FCED9F6114F99AADFBE9D547AE88B2C3A6E54AE91B4
Referenced in post(s):
VirusTotal: Searching And Submitting

virustotal-submit_V0_0_2.zip (https)
MD5: 1152A8507FE7A668DCDF5C44DEAD11DF
SHA256: D5A4E5C3E80F98D4A82A128D8C9DBA395C2B9CDFE9F37E2B0882904D47673CE5
Referenced in post(s):
Bugfix virustotal-submit.py Version 0.0.2

virustotal-submit_V0_0_3.zip (https)
MD5: 3F9F5421F711E2930AB6F80D87DF9E2B
SHA256: 37CCE3E8469DE097912CB23BAC6B909C9C7F5A5CEE09C9279D32BDB9D6E23BCC
Referenced in post(s):
VirusTotal Tools
Update: virustotal-submit.py V0.0.3


vs: Python program to take surveillance pictures from IP-cameras
vs_v0_2.zip (https)
MD5: DB806B49705D544F4B928A8F76622125
SHA256: 042FA2CE1F5AEBD433D59B9D4755783E6CE58014FE59086C6A2A8E8781C63B45
Referenced in post(s):
Quickpost: More Picture-Taking with Python

vs_v0_4.zip (https)
MD5: A2AFAD9E581798F1D986A0AE9DF64577
SHA256: C3AC4892A71DF79E3BA87714CB6323D157C7E74C838EDE81013C96DD4EAD0238
Referenced in post(s):
Update: vs.py

vs_v0_5.zip (https)
MD5: 83B6DE93E6E26B510E2FBC80C0FF3C17
SHA256: DE3D4DC8D00692BE57F4A8B0A13BB4E3FAE9564ECE444EA04A890B65EED2D538
Referenced in post(s):
Update: vs.py Version 0.5


what-is-new: Tool to monitor new items
what-is-new_V0_0_1.zip (https)
MD5: 02067A60EA2EBEE29E98CAF31CEDDF37
SHA256: A4499A230D1925C164531A68C0E8F4FE016882A44D6EDBFF9F4D7BFFA29D14A4
Referenced in post(s):
New Tool: What Is New?


whoami: Firefox addon to identify your profile
whoami_-0.1.0-fx.zip (https)
MD5: A786464D84C4AFD09FB76467EE8AB27C
SHA256: 735B7B883ED673C3FDD439E9B3B61714ED742250B7AA43AA9CDA123CD8C4A7EC

whoami_-0.1.1-fx.zip (https)
MD5: BFFA2F2518146347D2067BFAA002D523
SHA256: FA90B8B4F3AB2A8CD34A2978C6C042D74BE24DC99B88840BA892DC21FC7FF90F
Referenced in post(s):
WhoAmI? Firefox Extension

whoami_-0.1.2-fx-puzzle.zip (https)
MD5: 2D68D7782B0D2249C10B5BE9AEBD9A51
SHA256: 7D9CEFEB78B6E028CE153CAF42A0D128CA8352B60886E799BF3963E1A217113F
Referenced in post(s):
A New Version of WhoAmI? and Another Little Puzzle

whoami_-0.1.2-fx.zip (https)
MD5: 0A366D2D56FC93F3A3314C09732E2377
SHA256: C53FF78CBD84F7F4E7F302D95F094456F3D20E8681B0394CA261A066265B202D
Referenced in post(s):
A New Version of WhoAmI? and Another Little Puzzle

whoami_-0.1.3-fx.zip (https)
MD5: 624548E28B6AADB6E4E7F2CA35CA62DC
SHA256: BB3BFEFBBBD3AD5CDB2698375579DEF171433EE31DB661174F6475A4DEC5B181
Referenced in post(s):
Update: WhoAmI? Version 0.1.3

whoami_-0.1.4-fx.zip (https)
MD5: 7FFB2092549079A111C09A7E4A5EFE10
SHA256: CF9EAD524AEE04F1AD8F9893CF9DC558D03FABC25875B6BB52CAC567E3C1465E


wireshark-export_v0_0_1.zip (https)
MD5: B339EFD0898B6506CBEAAFCBCE08B3A6
SHA256: 557B39246FAC3BD91CE24EAD3DF07F8B68100778241393A26C67A566756C404B
Referenced in post(s):
Wireshark-export


wireshark-lua-dissectors_V0_0_1.zip (https)
MD5: F1F9F1E70CDC5B9931D6086E633698BB
SHA256: B608A83409F2EB3D15155845D4DA5473230DCD970A18AB3DCD28A7C4211478D0


wireshark-lua-dissectors_V0_0_2.zip (https)
MD5: 0C4891A9F6E7CEB809C98439D227A6DC
SHA256: D5470327788FD31DDC8067C86AE1A78262010399058963E3187DD1AB6C4F4DEE


wireshark-lua-dissectors_V0_0_3.zip (https)
MD5: 73F9BB860F2204DBDE7FF3A7E5CA413F
SHA256: 900A21C862973294AB25A8966299386BD058A352CEA21CA97BA546DA12964465
Referenced in post(s):
TCP Flags for Wireshark


wireshark-tools-v0_0_1.zip (https)
MD5: 30232A81CBD0DEE275C2A3CDAF7E333C
SHA256: E45CE8AF5417A8A1C857FDF84F2FD92860738CF2E723A64A730F606D2C495064
Referenced in post(s):
The Credentials Listener


wireshark-tools-v0_0_2.zip (https)
MD5: 0099A5AA5CBBF0789BCA2FCD9468153D
SHA256: 2C367B872E3DBEAAA58F85D424F8342AB67B20FAF5E63159B4E958B2BFD166D8


WMFTemplate: 010 Editor Template for WMF file format
WMFTemplate.zip (https)
MD5: F3B1480744EDED9A07DE060EE04B3F33
SHA256: 9F441E5E37A93F36222307902FE167DA3D0C11EFCC63D30528928053D4798082
Referenced in post(s):
Analyzing a Suspect WMF File


wmi-sc: WMI script for Security Center data
wmi-sc.zip (https)
MD5: 116274B40CDC5E82D9B5C7A9FFF24F2B
SHA256: 6994694B622C047DFE25EED0022CECAE235BEB4CED3E2981965721568DC0C8D3
Referenced in post(s):
Windows Security Center: Under the Hood


wsrradial: wi-spy radial WiFi plotting tool
wsrradial.zip (https)
MD5: 1BFAEC5138F76AE567BE460B1267E8BC
SHA256: B3BFEF73628388E58E13DC1E1D7BED1AED3204F03AAF3A2175F2C863E6D83FF2
Referenced in post(s):
wsrradial


wsrtool: wi-spy wsr files tool
wsrtool.zip (https)
MD5: 2781D0ED2EF6A490C5C8A857E4FD4350
SHA256: 3B2E076EBA9E73EAF8E7D70C1B155E087D9642822AD4C48FE9A82282D9CFAC3A
Referenced in post(s):
wsrtool

wsrtool_v0_2.zip (https)
MD5: 812ED5DA71AFEB55627540CB69657FF5
SHA256: 0FB288F02452D0927F9D8C36A4FADA89B4125852CBE6D0EB6FF7ED89D66F83EE
Referenced in post(s):
Update: wsrtool


xmldump: This is essentially a wrapper for xml.etree.ElementTree
xmldump_V0_0_1.zip (https)
MD5: 23D5643E45B97D6AE641DF6CAFA79370
SHA256: A999F2297EE44FAABCA5A025DAEC7E84CB30D34C68F181357BA439EBFE38A660
Referenced in post(s):
New Tool: xmldump.py

xmldump_V0_0_2.zip (https)
MD5: 8ABFA4FFE259F61B7C42B2D19EADD8CB
SHA256: 0A8B94EE8C77B404A507F4BEA4C5464146F3745A1FA9017ED3DCE8D7C2D18C15
Referenced in post(s):
Update: xmldump.py Version 0.0.2

xmldump_V0_0_3.zip (https)
MD5: 70D67100DDD30F6178C3E06B7CE97329
SHA256: C0A3199EA69494962CAC6EC3BA3AD47130BE5BB3D9D7D330579856AC9C314BF0
Referenced in post(s):
Update: xmldump.py Version 0.0.3


xor-kpa: XOR known-plaintext attack
xor-kpa_V0_0_1.zip (https)
MD5: 4265BB1AFCD470A98070FFBDFCB1B52A
SHA256: CF41CEDE7281459FA47061B366AA9B4A5F579CC9BA46E73098B52EA8CAB6E816
Referenced in post(s):
XOR Known-Plaintext Attack

xor-kpa_V0_0_2.zip (https)
MD5: CA4DB797A7C12E3E81F55D9634EE77BF
SHA256: 76344E06A2C1F121D4CDD1B063DC109E59B9D2351BA5CFDDEE8613DCD220283B
Referenced in post(s):
Update: xor-kpa.py Version 0.0.2

xor-kpa_V0_0_3.zip (https)
MD5: 228B9DE1D3005F75190113369A91E1D4
SHA256: A30C20668BA0939DD936BB2706AEC636E5260EFB0B0F16F4770F9B1B59E780A9
Referenced in post(s):
Update: xor-kpa.py Version 0.0.3 With Man Page

xor-kpa_V0_0_4.zip (https)
MD5: FCE75B6125104D8AFC56A67B65FF75C0
SHA256: 3DCCA479D4C8CAC9B248B24F799184A69D0F10403593CB002248DD35CCE60FD4
Referenced in post(s):
Update: xor-kpa.py Version 0.0.4

xor-kpa_V0_0_5.zip (https)
MD5: 023D8E3725E0EF7CEC449085AA96BB3A
SHA256: 7517DD44AFBFA11122FD940D76878482F50B7A2A2BCD1D7A2AF030F6CAC4F4E3
Referenced in post(s):
Update: xor-kpa.py Version 0.0.5


XORSearch: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and search for a string
XORSearch_V1_0.zip (https)
MD5: 3BECC4447C7318E4122503AD20606E93
SHA256: E6A52997C5AE7F2DBF32D1400FE4726314B0D9E2A369932FE46C5542EDB98B87

XORSearch_V1_10_0.zip (https)
MD5: 23809A03C63914B0742B7F75B73E1597
SHA256: 97BFBC5E8C59F60E10ABDA2D65DF4200B10BE14662D4A447797B341C9AAE17D8
Referenced in post(s):
XORSearch: Finding Embedded Executables

XORSearch_V1_11_0.zip (https)
MD5: 7313A198033C0A1F69B79F96894462C7
SHA256: 1700D037D7A9902108F3986D75A9BA250ACBD96E38CC43C5B4BC1FB90761B320
Referenced in post(s):
Update: XORSearch With Shellcode Detector

XORSearch_V1_11_1.zip (https)
MD5: D5EA1E30B2C2C7FEBE7AE7AD6E826BF5
SHA256: 15E9AAE87E7F25CF7966CDF0F8DFCB2648099585D08EAD522737E72C5FACA50A
Referenced in post(s):
XORSearch: Hexdump Support

XORSearch_V1_11_2.zip (https)
MD5: 2B76F6C730BAC6324E92A731F42FEB74
SHA256: 4206B843AC2B9417A85A4B5381023EC4613C5B5095A6A0A19A072C21C66DE93F
Referenced in post(s):
XORSearch & XORStrings
Update: XORSearch Version 1.11.2

XORSearch_V1_1_0.zip (https)
MD5: 6783AE78ECCE5FEBA3FF6128D0BB0FA8
SHA256: 819CC5BF930059EB8A19C95C6C5BE8EC5722BBC79A843DA8D198603B23FB09BE

XORSearch_V1_2_0.zip (https)
MD5: F4AECC366048AA429A1FE1E6EA220C8E
SHA256: 04AACEED17AFA98283110BDE49B6A72988BCE0E2328575F37253DB3958E03AD2

XORSearch_V1_3_0.zip (https)
MD5: 0A1F5DD50924E574A6624DF872A98C78
SHA256: FFC7E2D48512DB0BD2F13A0074E374E1BFE658A620A40E38FC451E07C9F7807C

XORSearch_V1_4_0.zip (https)
MD5: AA04084644BD49174CDD41020E16396E
SHA256: 6E41A34C1867F78FC28533FFBDC793AD46C5F927088CBF9828D9A774BB2D7986

XORSearch_V1_6_0.zip (https)
MD5: F672F95F49DD72ECCF93D1779BB0EBCC
SHA256: B2D0E60C5A04164E176A3B3CA8C91631FFE145D3E4DFE0118C091262626B6242

XORSearch_V1_7_0.zip (https)
MD5: EA4C659568720CE69EC5DF6EA5688C3F
SHA256: E14584DE3ECE565CFCA2D1D193E6F6DCD0348FE6C80F949784CF3F4F56191E69

XORSearch_V1_8_0.zip (https)
MD5: 0C252EDEBC85D8F0F9DDB8D1AA11E12E
SHA256: C193D8275C80BE64D7734D8464C7F7F4AA394A983BC4939D531DD488E8550E66

XORSearch_V1_9_0.zip (https)
MD5: 6DA3B4ADD5187067D26FEBFD341502CA
SHA256: DC9283222D68696E67ED7D8BCBFD043F1ABF2B67C8DB8E9B29072948EFD3890D

XORSearch_V1_9_1.zip (https)
MD5: A2B82226E7B5D38BEF0981A815A96864
SHA256: BD6D9A88E673119D37A52D2F224A12B2F7CCABC1EB84D1F75CA3DE1D172E6DEB

XORSearch_V1_9_2.zip (https)
MD5: BF1AC6CAA325B6D1AF339B45782B8623
SHA256: 90793BEB9D429EF40458AE224117A90E6C4282DD1C9B0456E7E7148165B8EF32
Referenced in post(s):
Update: XORSearch Version 1.9.2


XORSelection: 010 Editor Script to encode current selection with XOR
XORSelection_V3_0.zip (https)
MD5: EAF49C31C20F52DDEF74C1B50DC4EFA1
SHA256: 755913C46F8620E6865337F621FC46EA416893E28A4193E42228767D9BD7804A
Referenced in post(s):
XORSelection.1sc

XORSelection_V4_0.zip (https)
MD5: 1B3DB8C8DA51224DDE7CA0E4BDAAC945
SHA256: 22E60E10BC99BD24A408C12CC674858DB6F318088CD34B7C70782833401AACF2
Referenced in post(s):
Update: XORSelection.1sc Version 4.0


XORStrings: Bruteforce a file for XOR, ROL, ROT, SHIFT, … encoding and dump strings
XORStrings_V0_0_1.zip (https)
MD5: 27DA0B3BC5296179CB58181BDFF99F8D
SHA256: 5EA7E063A41E38E9E6277F1CD73FCEA2AEF50C33C44D75C226900314FF84A1B5
Referenced in post(s):
XORSearch & XORStrings
New Tool: XORStrings


yara-rules-V0.0.1.zip (https)
MD5: 4D869BD838E662E050BBFCB0B89732E4
SHA256: 0CA778EAD97FF43CF7961E3C17A88B77E8782D082CE170FC779543D67B58FC72
Referenced in post(s):
YARA Rules


yara-rules-V0.0.2.zip (https)
MD5: 701B40BB29D8D05EB0C76DFD4F48F9F5
SHA256: E040D142B091FD41640431FF692D924BD7C74AA42D348A6BD2C510B4C3A1698D


yara-rules-V0.0.3.zip (https)
MD5: EC51148410A3581320C51D6038B2C892
SHA256: 3E7A2AA90B0E4E851D58D4E8B69176C2903ACDD6B181A07EE51E2D13B96AC788


yara-rules-V0.0.4.zip (https)
MD5: 0B56680932AE24B57FCA998FBC60A0D4
SHA256: 369B0E9A51976FE4F08F7FA08834889B81216E97720307BDBAAF0F68E4E83211


yara-rules-V0.0.5.zip (https)
MD5: 298EB636B3A3CB6A073815A83A6D1BA6
SHA256: EA00D044A3A0FE29265817407E382034593E0DAAD9887416E7FC128DA24B8830
Referenced in post(s):
Update: YARA Rule JPEG_EXIF_Contains_eval


yara-rules-V0.0.6.zip (https)
MD5: 01CB37759AC30EEA8D2B66226609C73E
SHA256: 1B56C1D7D0E1A8F500674B74F93F3E7DE6B2EFC85259ABE3A57F1DCA458CCFF8
Referenced in post(s):
YARA Rule To Detect VBE Scripts


yara-rules-V0.0.7.zip (https)
MD5: F290FEB72CAA3D8305E649CBA8A6DB6A
SHA256: F72EEA1209EF77EBFD67615DEE366E5E2D76A4D7DE010E59DC4914D844734F4E


yara-rules-V0.0.8.zip (https)
MD5: 83D10B0A18D3F8E2C744B8FEA10F5E67
SHA256: 2D47165757F909440F6D1A95FF5C0EA1355B355AE7475D2A0CF821D3B9A6235A
Referenced in post(s):
YARA Rules
New YARA Rule: PE_File_pyinstaller


zipdump: ZIP dump utility
zipdump_v0_0_1.zip (https)
MD5: 72594B985FDBE326C6852D9E34DFFA73
SHA256: 7BD6377885A218D691077C837BBCB33B0DC3BA1C673495EF6CE8A5C5C5E8E8AB

zipdump_v0_0_10.zip (https)
MD5: 71B2483D24C4258DD34406CC433A3AF0
SHA256: 1259ABC36FDC13A2738D9C38549AB95A83D5039190ADAF44590E07AF6785BF7A
Referenced in post(s):
Update: zipdump.py Version 0.0.10

zipdump_v0_0_11.zip (https)
MD5: E97E0191757230D2C7F9109B91636BF7
SHA256: 6640F971F61F7915D89388D3072854C00C81C47476A96CAC7BE6740DA348467B
Referenced in post(s):
Update:zipdump.py Version 0.0.11

zipdump_v0_0_12.zip (https)
MD5: 7110FB8B873BFDCF10E4A1C2AB89ACC2
SHA256: EA2D852C132DEF7947EBA0FFDB3E4CC8C69032413D36E67BBB3F943FA7B44B18
Referenced in post(s):
Update: zipdump.py Version 0.0.12

zipdump_v0_0_13.zip (https)
MD5: 264D32D0DC863FC29FED161D4A73560F
SHA256: 14D11D5244973A484E5754F20747D4B544C228AC951C885FE8B9FC6D26C86088
Referenced in post(s):
Update: zipdump.py Version 0.0.13

zipdump_v0_0_14.zip (https)
MD5: FB7D1A9F90E8453DF7F3154EC52AF4E7
SHA256: ADFF99677DB512A27EBDEBBAC77FA08FFF8B180EF620CB6F9725C06511FC38BF
Referenced in post(s):
Update: zipdump.py Version 0.0.14

zipdump_v0_0_15.zip (https)
MD5: 148D49FC54477C12EBB620FDCEF61AA2
SHA256: DE6FE35FA281FAD9BBF8C56883212519E60FDF0BCAFB3AFBBF964E5C808CCA2D
Referenced in post(s):
Update: zipdump Version 0.0.15

zipdump_v0_0_3.zip (https)
MD5: 100E4B1E1E9F542EB244C9A0766C35FF
SHA256: A5219D7C88FF78A8D7C93B9EEF19D085F9FA92944CAE492F293164213329988F
Referenced in post(s):
Major Update For zipdump.py

zipdump_v0_0_4.zip (https)
MD5: 64EE6575309654B6671554D0A4DA50E5
SHA256: C323C0580E95F87406A72A542A7FBF5DE39EBEF7CAFC970A7C428CA1E870F9CF
Referenced in post(s):
Update: zipdump.py Version 0.0.4

zipdump_v0_0_5.zip (https)
MD5: 5F49895D3EA97A870ECB1E262A738A04
SHA256: E16CE5A426840D2804E5EF544CF334715F501D0892496D02B6C5000B18CE10BA
Referenced in post(s):
Update: zipdump.py Version 0.0.5

zipdump_v0_0_6.zip (https)
MD5: B605DEABFC5458488B6487B1E9104085
SHA256: DDC2CE94D250CBDE62AD1EBE650654E4A50C51F97CADF412B16A553242819772
Referenced in post(s):
Crack A ZIP Password, And Fly To Dubai …

zipdump_v0_0_7.zip (https)
MD5: 7B3D165B68B4E66D7EFCF54B25E08115
SHA256: DC794679CFDEA57AC532E11BC338F6823EECC26A36CB844B29EF15F93B6BA1C1
Referenced in post(s):
Update: zipdump.py Version 0.0.7

zipdump_v0_0_8.zip (https)
MD5: 51B971B57800D126B2067DC53303355A
SHA256: 095EE6000E99B9193C830B8BA11139907CB9445FD7D94D81E3F97A8B458D5D16
Referenced in post(s):
Update: zipdump.py Version 0.0.8

zipdump_v0_0_9.zip (https)
MD5: 2700AF663980204075107164AA12750A
SHA256: 5686F24373AF64E1F5D866C71B29A22CE97964EC563A2219681A6268CC9A1153
Referenced in post(s):
Update: zipdump.py Version 0.0.9


ZIPEncryptFTP: Zip files, encrypt ZIP file, upload via FTP
ZIPEncryptFTP_V1_2_1.zip (https)
MD5: 8C11212F459BF9D540F53D1213BC1323
SHA256: 90BA06D33B09F1E0150830A243FDBB052D4AD24CAC5403847A39995DDD1F6929
Referenced in post(s):
ZIPEncryptFTP

ZIPEncryptFTP_V1_2_1_Source.zip (https)
MD5: 75DC4992552A1A07F634A989D5E1436B
SHA256: A575D77D96C089CDA54E9EC2054B200B6C50830206E2498D40D9A0333A60F52C
Referenced in post(s):
ZIPEncryptFTP

Blog at WordPress.com.