Didier Stevens

Sunday 1 November 2020

Overview of Content Published in October

Filed under: Announcement — Didier Stevens @ 0:00

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Thursday 1 October 2020

Overview of Content Published in September

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in September:

Blog posts:

SANS ISC Diary entries:

NVISO blog posts:

Tuesday 29 September 2020

“Epic Manchego” And My Tools

Filed under: Announcement — Didier Stevens @ 0:00

Over the last months, I’ve been quite busy working with my colleagues on report “Epic Manchego – atypical maldoc delivery brings flurry of infostealers“: we’ve tracked an actor creating a new type of malicious Office document.

To help with the automatic analysis of all the maldocs produced by this actor (several per day), I added new features to existing tools and created new tools.

I’m releasing this work in the coming months (some has already been published: oledump.py and zipdump.py).

Monday 7 September 2020

Overview of Content Published in August

Filed under: Announcement — Didier Stevens @ 6:12

Here is an overview of content I published in August:

Blog posts:

SANS ISC Diary entries:

Sunday 23 August 2020

New Tool: XORSearch.py

Filed under: Announcement,My Software — Didier Stevens @ 19:42

XORSearch, written in C, is a tool of mine I started 10+ years ago. But more and more security tools don’t like it.

So I decided to stop adding new features to XORSeach in C, and start programming a Python version to implement new features. This is a work in progress.

For the moment, the Python version only supports XOR-encoding with a one-byte key, and can only search for printable content.

Take a look at my SANS ISC diary entry to see how I use it.

I will still maintain the C version: perform bug fixes and add new features that require the speed of compiled C.

But features like detecting printable content will normally be used on small files, and then speed is not an issue.

Saturday 1 August 2020

Overview of Content Published in July

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in July:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Wednesday 1 July 2020

Overview of Content Published in June

Filed under: Announcement — Didier Stevens @ 16:00

Here is an overview of content I published in June:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog posts:

Tuesday 16 June 2020

FalsePositive GitHub Repository

Filed under: Announcement — Didier Stevens @ 0:00

As I’m fed up with Google’s false positives on some of my tools on DidierStevens.com, I’m moving them to a new GitHub repository: FalsePositives.

FYI, here is their User Agent String:

Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) AppEngine-Google; (+http://code.google.com/appengine; appid: s~virustotalcloud)

Monday 1 June 2020

Overview of Content Published in May

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in May:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Monday 25 May 2020

AdHoc GitHub Repository

Filed under: Announcement — Didier Stevens @ 0:00

Next to GitHub repositories DidierStevensSuite and Beta to share my tools, I have now repository AdHoc.

AdHoc is a repository for adhoc scripts: scripts that serve a very specific purpose, and that will most likely not be maintained, maybe just a few cycles.

For example, it contains script excel_brute_force_formula_fill.py, a script that I wrote to try to decode the current Zloader Excel 4 macro maldocs.

Next Page »

Blog at WordPress.com.