Sunday 1 February 2026
Overview of Content Published in January
Here is an overview of content I published in January:
Blog posts:
SANS ISC Diary entries:
Saturday 3 January 2026
Overview of Content Published in 2025
Here is an overview of content I published in 2025:
Blog posts:
- Update: strings.py Version 0.0.11
- Quickpost: Electrical Power & Mining
- Update: Python Templates Version 0.0.12
- Update: cs-decrypt-metadata.py Version 0.0.5
- Update: zoneidentifier.exe Version 0.0.2
- Update: oledump.py Version 0.0.79
- Update: 1768.py Version 0.0.23
- Update: pdfid.py Version 0.2.10
- Update: pdf-parser.py Version 0.7.11
- Update: xmldump.py Version 0.0.10
- Update: zipdump.py Version 0.0.31
- Quickpost: Electrical Power & Mining: Dissipated Heat
- Update: xorsearch.py Version 0.0.2
- Update: xorsearch.py Version 0.0.3
- Quickpost: Testing The Capacity Of My New Power Bank
- Update: xorsearch.py Version 0.0.4
- Update: basedump64.py Version 0.0.28
- Update: emldump.py Version 0.0.15
- Update: pecheck.py Version 0.7.17
- Update: rtfdump.py Version 0.0.13
- Update: zipdump.py Version 0.0.32
- Update: oledump.py Version 0.0.80
- Update: pdf-parser.py Version 0.7.2
- Update: re-search.py Version 0.0.23
- Update: xorsearch.py Version 0.0.5
- Update: myjson-filter.py Version 0.0.7
- Update: oledump.py Version 0.0.81
- Update: process-binary-file.py Version 0.0.11
- Quickpost: Airplanes & Radiation
- Update: oledump.py Version 0.0.82
- Update: myjson-filter.py Version 0.0.8
- Update: myjson-transform.py Version 0.0.2
- Update: search-for-compression.py Version 0.0.4
- Quickpost: Firefox Profiles and Multiple Instances
- Quickpost: emldump Bulk Extraction
- DSS_DEFAULT_HASH_ALGORITHMS
- Python Requirements for Didier Stevens Suite
- Quickpost: USB-C Couplers
- Update: pngdump.py Version 0.0.7
- My Fridge & My Portable Power Station
- Update: pecheck.py Version 0.7.18
- Update: search-for-compression.py 0.0.5
- Update: myjson-filter.py Version 0.0.9
- Update: virustotal-search.py Version 0.1.9
- New Tool: myipaddress.py
- Update: teeplus.py Version 0.0.2
- Quickpost: Doorbell & Condensation
- Quickpost: 12V Portable Power Station
- Update: pdf-parser.py Version 0.7.13
- Quickpost: PEP 515 – Underscores in Numeric Literals
- Update: dnsresolver.py Version 0.0.4
- Bytes over DNS Tools
- Update: cs-parse-traffic.py Version 0.0.6
- Update: numbers-to-hex.py Version 0.0.4
- Quickpost: Power Requirements Of A Keylogger
- Quickpost: CR1225 vs CR1220
- Copy/Paste Delays In Excel Because Of Default Printer
- Quickpost: USB Electric Razor
- Quickpost: USB-C Rechargeable Batteries
- USB Trigger Boards
- Update: pecheck.py Version 0.7.19
- Using a USB-C Trigger Cable To Power An FM Radio
- Wireshark 4.4.3 Released
- Multi-OLE
- Partial ZIP File Downloads
- Crypto Wallet Scam
- Crypto Wallet Scam: Not For Free
- Reminder: 7-Zip & MoW
- Wireshark 4.4.4 Released
- Wireshark 4.4.5 Released
- Mark of the Web: Some Technical Details
- Static Analysis of GUID Encoded Shellcode
- XORsearch: Searching With Regexes
- xorsearch.py: Searching With Regexes
- Wireshark 4.4.6 Released
- xorsearch.py: “Ad Hoc YARA Rules”
- Steganography Analysis With pngdump.py
- Steganography Analysis With pngdump.py: Bitstreams
- Steganography Challenge
- Steganography Challenge: My Solution
- xorsearch.py: Python Functions
- YARA 4.5.3 Release
- Wireshark 4.4.7 Released
- Extracting With pngdump.py
- A JPEG With A Payload
- ADS & Python Tools
- Wireshark 4.4.8 Released
- WinRAR MoTW Propagation Privacy
- Wireshark 4.4.9 Released
- pdf-parser: All Streams
- BASE64 Over DNS
- Web Searches For Archives
- Wireshark 4.4.10 and 4.6.0 Released
- Kaitai Struct WebIDE
- Bytes over DNS
- Honeypot: Requests for (Code) Repositories
- Honeypot: FortiWeb CVE-2025-64446 Exploits
- SANS Holiday Hack Challenge 2025
- Finger.exe & ClickFix
- Decoding Binary Numeric Expressions
- Wireshark 4.4.1 Released
- YARA-X 1.10.0 Release: Fix Warnings
- Wireshark 4.6.2 Released
- DLLs & TLS Callbacks
Friday 2 January 2026
Overview of Content Published in December
Here is an overview of content I published in December:
Blog posts:
SANS ISC Diary entries:
Monday 1 December 2025
Overview of Content Published in November
Here is an overview of content I published in November:
Blog posts:
- Update: cs-parse-traffic.py Version 0.0.6
- Update: numbers-to-hex.py Version 0.0.4
- Quickpost: Power Requirements Of A Keylogger
- Quickpost: CR1225 vs CR1220
- Copy/Paste Delays In Excel Because Of Default Printer
SANS ISC Diary entries:
Saturday 1 November 2025
Overview of Content Published in October
Here is an overview of content I published in October:
Blog posts:
SANS ISC Diary entries:
Thursday 2 October 2025
Overview of Content Published in September
Here is an overview of content I published in September:
SANS ISC Diary entries:
Monday 1 September 2025
Overview of Content Published in August
Here is an overview of content I published in August:
Blog posts:
SANS ISC Diary entries:
Friday 1 August 2025
Overview of Content Published in July
Here is an overview of content I published in July:
Blog posts:
SANS ISC Diary entries:
Tuesday 1 July 2025
Overview of Content Published in June
Here is an overview of content I published in June:
Blog posts:
- Update: myjson-transform.py Version 0.0.2
- Update: search-for-compression.py Version 0.0.4
- Quickpost: Firefox Profiles and Multiple Instances
- Quickpost: emldump Bulk Extraction
- DSS_DEFAULT_HASH_ALGORITHMS
- Python Requirements for Didier Stevens Suite
- Quickpost: USB-C Couplers
- Update: pngdump.py Version 0.0.7
- My Fridge & My Portable Power Station
- Update: pecheck.py Version 0.7.18
- Update: search-for-compression.py 0.0.5
- Update: myjson-filter.py Version 0.0.9
- Update: virustotal-search.py Version 0.1.9
- New Tool: myipaddress.py
- Update: teeplus.py Version 0.0.2
Sunday 15 June 2025
New Tool: myipaddress.py
This is a new tool that I use for IPv4 operations, like generating a list of CIDRs based on ASNs, checking if IPv4 addresses are members of CIDRs, …
Here is the man page:
Usage: myipaddress.py [options] command ...
IP address tool
Arguments:
@file: process each file listed in the text file specified
wildcards are supported
Source code put in the public domain by Didier Stevens, no Copyright
Use at your own risk
https://DidierStevens.com
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-m, --man Print manual
-u, --uniques Remove duplicates
-s, --sort Sort
-q, --quiet Quiet
-o OUTPUT, --output=OUTPUT
Output to file (# supported)
-v, --invert Invert selection
-e, --extra Include extra info
Manual:
4 commands are available: cidr2ip, asn2cidr, ipincidr and aso2cidr.
Command cidr2ip is used to generate IPv4 addresses for the given
CIDRs.
Example: myipaddress.py cidr2ip 192.168.0.0/24 10.10.10.0/30
Option -u (--unique) will remove all duplicates from the generated
list.
Option -s (--sort) will sort the list.
Command asn2cidr is used to generate a list of IPv4 CIDRs for the
given ASNs (autonomous system numbers).
Example: myipaddress.py asn2cidr 100 1234
Output:
100: 12.30.153.0/24 74.123.89.0/24 102.210.158.0/24 192.118.48.0/24
198.180.4.0/22 199.36.118.0/24 199.48.212.0/22 216.225.27.0/24
1234: 132.171.0.0/16 137.96.0.0/16 193.110.32.0/21
Option -q (--quiet) will produce a simple list of CIDRs, nothing more.
Example: myipaddress.py -q asn2cidr 1234
Output:
132.171.0.0/16
137.96.0.0/16
193.110.32.0/21
Option -u (--unique) will remove all duplicates from the generated
list.
This command requires CSV file GeoLite2-ASN-Blocks-IPv4.csv to be
present in the same folder as script myipaddress.py.
See below for more info.
Command ipincidr is used to generate a list of IPv4 addresses for the
text files.
The text files either contain a list of IPv4 addresses or a list of
IPv4 CIDRs (it can actually be a mix of both in the same file).
Then the command will produce a list for the given IPv4 addresses that
are contained in the given CIDRs.
If a line of the text file contains a / character, it is interpreted
as a CIDR, otherwise it is interpreted as a IPv4 address.
CIDRs can also be followed by an ASO with the tab character as
separator.
Example: myipaddress.py ipincidr cidrs.txt ipv4s.txt
Option -v (--inverse) will invert the logic: all given IPv4 addresses
that are NOT contained in the GIVEN CIDRs are listed.
Command aso2cidr is used to generate a list of IPv4 CIDRs for the
given ASOs substrings (autonomous system organisations).
Example: myipaddress.py aso2cidr sans-institute
Output:
SANS-INSTITUTE: 66.35.60.0/24 104.193.44.0/24
Example: myipaddress.py aso2cidr sans-institute amadeus
Output:
SANS-INSTITUTE: 66.35.60.0/24 104.193.44.0/24
Amadeus Data Processing GmbH: 82.150.224.0/21 82.150.248.0/23
168.153.3.0/24 168.153.4.0/22 168.153.8.0/23 168.153.32.0/22
168.153.40.0/22 168.153.64.0/22 168.153.96.0/24 168.153.106.0/24
168.153.109.0/24 168.153.110.0/23 168.153.144.0/22 168.153.160.0/22
171.17.128.0/18 171.17.255.0/24 185.165.8.0/23 193.23.186.0/24
193.24.37.0/24 195.27.162.0/23 213.70.140.0/24
Amadeus Soluciones Tecnologicas S.A.: 94.142.200.0/21
Amadeus is an international computer reservations system. A subsidary
is in Bangalore and t: 168.153.1.0/24
Amadeus India Pvt.Ltd.: 202.0.109.0/24
Amadeus India: 203.89.132.0/24
Option -q (--quiet) will produce a simple list of CIDRs, nothing more.
Example: myipaddress.py -q aso2cidr sans-institute
Output:
66.35.60.0/24
104.193.44.0/24
Option -e (--extra) will add the ASO (with tab character as
separator).
Example: myipaddress.py -q -e aso2cidr sans-institute
Output:
66.35.60.0/24 SANS-INSTITUTE
104.193.44.0/24 SANS-INSTITUTE
Option -u (--unique) will remove all duplicates from the generated
list.
This command requires CSV file GeoLite2-ASN-Blocks-IPv4.csv to be
present in the same folder as script myipaddress.py.
See below for more info.
File GeoLite2-ASN-Blocks-IPv4.csv can be obtained for free by creating
an account on maxmind.com and then download database known as:
GeoLite ASN: CSV Format
It's a ZIP file that contains file GeoLite2-ASN-Blocks-IPv4.csv.
myipaddress_V0_0_1.zip (http)
MD5: 839550C3E5C6A07C088D27EFD51BE2F7
SHA256: F4DCF325E578F797B3D15316E797EB359E1DA13255E9644841593A1C1C5A9F54
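The aso2cidr and ipincidr behaviour described in the man page can be sketched as follows. This is an added example, not the source code of myipaddress.py: the function names mirror the commands but are hypothetical, the CSV header is the assumed GeoLite2 column layout, and the sample rows (including the ASN values and the 203.0.113.0/24 entry) are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample in the assumed GeoLite2-ASN-Blocks-IPv4.csv column layout.
# The two SANS-INSTITUTE networks come from the man page output; ASNs are placeholders.
SAMPLE_CSV = """network,autonomous_system_number,autonomous_system_organization
66.35.60.0/24,64500,SANS-INSTITUTE
104.193.44.0/24,64500,SANS-INSTITUTE
203.0.113.0/24,64501,Example Org
"""

def aso2cidr(csv_text, substring):
    """Return 'CIDR<TAB>ASO' lines (like -q -e) for ASOs containing substring."""
    needle = substring.lower()
    return [f"{row['network']}\t{row['autonomous_system_organization']}"
            for row in csv.DictReader(io.StringIO(csv_text))
            if needle in row['autonomous_system_organization'].lower()]

def ipincidr(lines, invert=False):
    """Lines with '/' are CIDRs (optional tab-separated ASO), others are IPv4 addresses.
    Returns (address, ASO) pairs for addresses inside a CIDR, or outside when invert=True."""
    networks, addresses = [], []
    for line in lines:
        line = line.strip()
        try:
            if '/' in line:
                cidr, _, aso = line.partition('\t')
                networks.append((ipaddress.IPv4Network(cidr.strip(), strict=False), aso))
            elif line:
                addresses.append(ipaddress.IPv4Address(line))
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole run
    result = []
    for address in addresses:
        match = next((aso for network, aso in networks if address in network), None)
        if (match is not None) != invert:
            result.append((str(address), match))
    return result
```

Feeding the output of aso2cidr together with a list of addresses taken from logs into ipincidr labels each hit with the organisation that owns the range; invert=True corresponds to option -v.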