Didier Stevens

Saturday 16 February 2019

Overview of Content Published in January

Filed under: Announcement — Didier Stevens @ 7:46

Here is an overview of content I published in January:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Tuesday 1 January 2019

Overview of Content Published in December

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in December:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Sunday 2 December 2018

Overview of Content Published in November

Filed under: Announcement — Didier Stevens @ 12:32

Here is an overview of content I published in November:

Blog posts:

YouTube videos:

SANS ISC Diary entries:

Friday 2 November 2018

Overview of Content Published in October

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in October:

Blog posts:

SANS ISC Diary entries:

Sunday 21 October 2018

Release: Python Tool Templates

Filed under: Announcement,My Software — Didier Stevens @ 0:00

I’m releasing the templates for Python tools I shared and used during my BruCON and Hack.lu 2018 workshops.

There’s a template for text files and one for binary files.

python-templates_V0_0_1.zip (https)
MD5: 99E9D87681470F1BAE020B68F2853F49
SHA256: 2CA24AD6928FA2FE2DE894FEFBD1B41238B723D46ADED4064D26374A805BA1C4

Monday 1 October 2018

Title: Overview of Content Published in September

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in September:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Wednesday 5 September 2018

Overview of Content Published in August

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in August:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog:

Monday 20 August 2018

Obtaining Malware Samples for Analysis

Filed under: Announcement,Malware — Didier Stevens @ 0:00

In my malware analysis blog posts and videos, I always try to include the hash or VirusTotal link of the sample(s) I analyze. If I don’t, it means I’m not at liberty to share the hash.

For every video that I post on YouTube, I create a corresponding video blog post (https://videos.DidierStevens.com) with more info like the sample’s hash and a link to VirusTotal.

In the description of the YouTube video, you will find a link to the video blog post.

Example:

I will often use the MD5 hash, but since I include a link to VirusTotal, you can consult the report and find other hashes like sha256 in that report.

Regarding MD5: I don’t worry about hash collisions for malware samples. Actually, if there is an MD5 hash collision, VirusTotal will inform me, and that would make my day 🙂 .

Don’t ask me for the malware samples I analyze, I don’t host or send these malware samples. If you or your organization have a VirusTotal Intelligence subscription, you can download the sample from VirusTotal.

If you don’t, there are several free repositories online (sometimes they require free registration). Lenny Zeltser has a list of repositories.

 

 

Thursday 2 August 2018

Overview of Content Published in July

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in July:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog:

Wednesday 11 July 2018

New Tool: file-magic.py

Filed under: Announcement,My Software — Didier Stevens @ 0:00

I find the *nix tool file very useful. There’s no equivalent on Windows, that’s why I use a Windows port of this tool.

But it has some limitations, the most annoying to me being the lack of support for stdin. This prevents me from using it in a chain of commands.

That’s the main reason I developed file-magic.py, a Python tool that is essentially a wrapper for the Python magic module.

On Windows and OSX, install module python-magic-bin with pip (this will install binaries too), while on Linux install module python-magic.

Here is an example showing how output from base64dump is piped into file-magic:

And here is an example with jsonoutput I mentioned before:

You can also add your own definitions to file file-magic.def.

For example, I added a definition for VBE/JSE files (encoded .vbs/.js scripts).

file-magic_V0_0_2.zip (https)
MD5: EAE684E74731FF493D5EC5D243EB16B6
SHA256: 9B0E7B47CAED8F5627DEFCE19B737554BBF998EF380187D6DE4FC1C9572EC9ED

Next Page »

Blog at WordPress.com.