Didier Stevens

Monday 1 November 2021

Overview of Content Published in October

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in October:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog posts:

Friday 22 October 2021

New Tool: cs-decrypt-metadata.py

Filed under: Announcement, Encryption, My Software, Reverse Engineering — Didier Stevens @ 0:00

cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon.

An active beacon regularly checks in with its team server, transmitting metadata (like the AES key, the username & machine name, …) that is encrypted with the team server’s private key.

This tool can decrypt this data, provided:

  1. you give it the file containing the private (and public) key, .cobaltstrike.beacon_keys (option -f)
  2. you give it the private key in hexadecimal format (option -p)
  3. the private key is one of the 6 keys in its repository (default behavior)

I will publish blog posts explaining how to use this tool.

Here is a quick example:

cs-decrypt-metadata_V0_0_1.zip (https)
MD5: 31F94659163A6E044A011B0D82623413
SHA256: 50ED1820DC63009B579D7D894D4DD3C5F181CFC000CA83B2134100EE92EEDD9F

Saturday 2 October 2021

Overview of Content Published in September

Filed under: Announcement — Didier Stevens @ 19:33

Here is an overview of content I published in September:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Sunday 19 September 2021

Overview of Content Published in August

Filed under: Announcement — Didier Stevens @ 15:07

Here is an overview of content I published in August:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Monday 2 August 2021

Overview of Content Published in July

Filed under: Announcement — Didier Stevens @ 22:11

Here is an overview of content I published in July:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Saturday 3 July 2021

Overview of Content Published in June

Filed under: Announcement — Didier Stevens @ 19:01

Here is an overview of content I published in June:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Friday 4 June 2021

Overview of Content Published in May

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in May:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Sunday 2 May 2021

Overview of Content Published in April

Filed under: Announcement — Didier Stevens @ 19:16

Here is an overview of content I published in April:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

Sunday 18 April 2021

metatool.py

Filed under: Announcement, My Software — Didier Stevens @ 17:56

metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs.

More info can be found in my SANS Internet Storm Center diary entry “Finding Metasploit & Cobalt Strike URLs”.

It is still in my GitHub beta repository here.

Thursday 1 April 2021

Overview of Content Published in March

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in March:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:
