Didier Stevens

Sunday 17 January 2021

Update: count.py Version 0.3.0

Filed under: My Software,Update — Didier Stevens @ 11:06

This is a Python 3 update for my count.py tool, a tool to count items.

count_v0_3_0.zip (https)
MD5: 52B9E424640983892FAD7734D0388860
SHA256: 4ED5A3FD913E6953A4635AB93F015BEDE08DF3448125DD95E1EFCB47A320D0D5

Sunday 10 January 2021

Update: oledump.py Version 0.0.58

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of oledump.py adds an overview of indicators to the end of the man page (-m) and adds simple password cracking to plugin_biff for Excel 95 files.

oledump_V0_0_58.zip (https)
MD5: 46CACE8791487EC18FAC250B6F5ECC7F
SHA256: 241E182CE5E1CC8B6EB612CF1EC09418BE263529501B6C54C5E683B88A3C5ABB

Saturday 9 January 2021

Update: Python Templates Version 0.0.3

Filed under: My Software,Update — Didier Stevens @ 11:02

Here is an update to my Python templates (binary and text files).

I use these templates as a starting point for new tools or for quick development of ad-hoc tools.

python-templates_V0_0_3.zip (https)
MD5: 177ABEC23A09F489893823C5D3409C09
SHA256: A0F5F316E4EB858F9D8257039D68CF25AE0B2ADBCB3602A5FD1C12A9FC92706A

Thursday 31 December 2020

Update: rtfdump.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 10:38

This is a Python 3 update for my tool to analyze RTF files. There are some new features, like option -O, to produce an overview:

More details in upcoming maldoc analysis posts.

rtfdump_V0_0_10.zip (https)
MD5: E7D235AC14A83DAABCD433DE1948E989
SHA256: 750430C0DA0B9D25B0BBBB972F107D1459FEAF45A2D61EAB6C10E84CB8AA01F8

Sunday 27 December 2020

Update: 1768.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 0:00

This is an update of my tool to analyze Cobalt Strike beacons.

Option -l can be used to generate YARA rules to search for Cobalt Strike beacons with a given license ID.

 

1768_v0_0_4.zip (https)
MD5: 35779393F2DC6171731446F8E0AC361B
SHA256: 59148C2DA13BE4DB203F9444E837911476BDE74E41E5A82C865E9729101336D2

Saturday 26 December 2020

Update: base64dump.py Version 0.0.13

Filed under: My Software,Update — Didier Stevens @ 0:00

This is an update to my tool base64dump.py: a tool to detect and decode encodings like base64, hexadecimal, …

A new decoding option was added with version 0.0.13: dec (decimal).

base64dump_V0_0_13.zip (https)
MD5: B322C1E55108FB1559009FC4C1CF12DE
SHA256: EE6527B4F558439916D9854980D6980EECA9F130F37BBF4034453ABBD8BF3260

Friday 25 December 2020

Update: zipdump.py Version 0.0.21

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a Python 3 bug fix version of my tool to analyze ZIP files.

zipdump_v0_0_21.zip (https)
MD5: 9B2839C1028FA5D07F2E07FDB56306D9
SHA256: 48653BB2B3009241C4C536BF64D16A6DFDA4B66D6658EC6BCFA79647AE4D5FA8

Thursday 24 December 2020

Video: Using numbers-to-string.py To Analyze FireEye Maldocs

Filed under: My Software,video — Didier Stevens @ 0:00

I created a video where I use my updated numbers-to-string.py tool to analyze a maldoc created with FireEye’s red team tool.

Wednesday 23 December 2020

Update: byte-stats.py Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a Python 3 version of my byte-stats.py tool to produce statistics for arbitrary binary input.

byte-stats_V0_0_8.zip (https)
MD5: 2F6E672D821356EDBDA51A83662075E8
SHA256: 23A108A849FEB84002505463101D7DC47C52D12C80F812465B25996DBB34775C

Tuesday 22 December 2020

Update: cut-bytes.py Version 0.0.13

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a bug fix version for cut-bytes.py, my tool to select (cut) bytes from binary input.

cut-bytes_V0_0_13.zip (https)
MD5: E16C2B6358A2AA642BCC9CC9B033FAEC
SHA256: 2276257173FD1DF65338CFA53DDE5522ED8A7D7E94BCC302117F535F584F14CF

« Previous PageNext Page »

Blog at WordPress.com.