I will release free stuff on my company’s website Didier Stevens Labs. Like this new XORSearch video.
XORSearch is one of my popular tools, but I hadn’t made a video for it yet:
I founded my own company: Didier Stevens Labs

You can find videos of my workshops for sale on this new website.
And I will give a brand new workshop at Brucon next week: Windows x64: The Essentials
I will sell CDs with my workshop videos at Brucon with a 20% discount.
I’ve worked on a couple of new tools to analyze the digital signature found in PE files. In this post, I’m sharing some invalid signatures I found on my machines.
This signature is invalid because the certificate expired:

Normally, the fact that it expired shouldn’t cause the signature to become invalid, but here it does because the author forgot to countersign the signature with a timestamping service:

I also found several files where the root certificate used in the signatures uses a signature algorithm based on the MD2 hash:

And last, a signature with a revoked certificate:

Remember Realtek Semiconductor? Their private key was compromised and used to sign Stuxnet components.
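The cases above can be summarized as a small decision procedure. This is an added example, not code from the tools mentioned in this post: a simplified Python model in which the field names, the sample dates and the revocation rule are assumptions, and which does not parse PE files or replace a real Authenticode verifier.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

WEAK_HASHES = {"md2"}  # the weak hash named in the post

@dataclass
class Signature:
    not_before: datetime                   # signer certificate validity start
    not_after: datetime                    # signer certificate validity end
    chain_hashes: List[str]                # hash behind each chain certificate's signature
    timestamp: Optional[datetime] = None   # countersignature time, None if absent
    revoked_at: Optional[datetime] = None  # revocation date, None if not revoked

def evaluate(sig: Signature, now: datetime) -> List[str]:
    """Return the problems found; an empty list means none of the post's cases apply."""
    findings = []
    # A timestamp countersignature fixes the signing time; without it the
    # certificate has to be valid at the moment of verification.
    reference = sig.timestamp or now
    if not sig.not_before <= reference <= sig.not_after:
        if sig.timestamp is None:
            findings.append("certificate expired or not yet valid, no timestamp")
        else:
            findings.append("timestamp outside certificate validity")
    # Assumption of this sketch: revocation counts from its effective date.
    if sig.revoked_at is not None and reference >= sig.revoked_at:
        findings.append("certificate revoked")
    for algo in sig.chain_hashes:
        if algo.lower() in WEAK_HASHES:
            findings.append(f"chain certificate signed with {algo.lower()}")
    return findings

# Constructed samples: the post's cases plus a timestamped counterpart (dates made up).
NOW = datetime(2012, 1, 1)
SAMPLES = {
    "expired, no timestamp": Signature(datetime(2008, 1, 1), datetime(2010, 1, 1), ["sha1"]),
    "expired, timestamped": Signature(datetime(2008, 1, 1), datetime(2010, 1, 1), ["sha1"],
                                      timestamp=datetime(2009, 6, 1)),
    "md2 root": Signature(datetime(2008, 1, 1), datetime(2015, 1, 1), ["sha1", "md2"],
                          timestamp=datetime(2009, 6, 1)),
    "revoked": Signature(datetime(2008, 1, 1), datetime(2015, 1, 1), ["sha1"],
                         timestamp=datetime(2010, 3, 1), revoked_at=datetime(2010, 2, 1)),
}

if __name__ == "__main__":
    for name, sig in SAMPLES.items():
        print(f"{name}: {evaluate(sig, NOW) or 'no findings'}")
```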
The latest (IN)SECURE Magazine issue includes my article on White Hat Shellcode.
Do you need to analyze a Cisco IOS Core Dump?
Read this.
“But that doesn’t explain how to analyze a core dump”, you say? Correct, unfortunately. That’s all you get with SOPA/PIPA enacted.
“But SOPA blackout day was yesterday”, you say? Correct. But I’m not following the crowd 😉
Hakin9 has published my bpmtk article. The article mentions bpmtk version 0.1.4.0; however, this new version has no new features. But it comes with extra PoC code, like a LUA-mode keylogger and “rootkit”. New blogposts will explain this new PoC code.

And upcoming bpmtk version 0.1.5.0 contains a new feature to inject shellcode. Just have to update the documentation.
On the PDF front: I’ve produced my first Ruby code ;-). I worked together with MC from Metasploit to optimize the PDF generation code in this util.printf exploit module. It uses some obfuscation techniques I described 8 months ago.
My new stickers arrived today:

From now on, winners of my little puzzles can expect a little prize (I’ll contact winners of past puzzles)…
I’ve a blogpost over at the PaulDotCom Community Blog about my GSSP-C certification.