This is a Python 3 update for my count.py tool, a tool to count items.
count_v0_3_0.zip (https)
MD5: 52B9E424640983892FAD7734D0388860
SHA256: 4ED5A3FD913E6953A4635AB93F015BEDE08DF3448125DD95E1EFCB47A320D0D5
This new version of oledump.py adds an overview of indicators to the end of the man page (-m) and adds simple password cracking to plugin_biff for Excel 95 files.
oledump_V0_0_58.zip (https)
MD5: 46CACE8791487EC18FAC250B6F5ECC7F
SHA256: 241E182CE5E1CC8B6EB612CF1EC09418BE263529501B6C54C5E683B88A3C5ABB
Here is an update to my Python templates (binary and text files).
I use these templates as a starting point for new tools or for quick development of ad-hoc tools.
python-templates_V0_0_3.zip (https)
MD5: 177ABEC23A09F489893823C5D3409C09
SHA256: A0F5F316E4EB858F9D8257039D68CF25AE0B2ADBCB3602A5FD1C12A9FC92706A
This is a Python 3 update for my tool to analyze RTF files. There are some new features, like option -O to produce an overview.
More details in upcoming maldoc analysis posts.
rtfdump_V0_0_10.zip (https)
MD5: E7D235AC14A83DAABCD433DE1948E989
SHA256: 750430C0DA0B9D25B0BBBB972F107D1459FEAF45A2D61EAB6C10E84CB8AA01F8
This is an update of my tool to analyze Cobalt Strike beacons.
Option -l can be used to generate YARA rules to search for Cobalt Strike beacons with a given license ID.
1768_v0_0_4.zip (https)
MD5: 35779393F2DC6171731446F8E0AC361B
SHA256: 59148C2DA13BE4DB203F9444E837911476BDE74E41E5A82C865E9729101336D2
This is an update to my tool base64dump.py: a tool to detect and decode encodings like base64, hexadecimal, …
A new decoding option was added with version 0.0.13: dec (decimal).
base64dump_V0_0_13.zip (https)
MD5: B322C1E55108FB1559009FC4C1CF12DE
SHA256: EE6527B4F558439916D9854980D6980EECA9F130F37BBF4034453ABBD8BF3260
This is a Python 3 bug fix version of my tool to analyze ZIP files.
zipdump_v0_0_21.zip (https)
MD5: 9B2839C1028FA5D07F2E07FDB56306D9
SHA256: 48653BB2B3009241C4C536BF64D16A6DFDA4B66D6658EC6BCFA79647AE4D5FA8
I created a video where I use my updated numbers-to-string.py tool to analyze a maldoc created with FireEye’s red team tool.
This is a Python 3 version of my byte-stats.py tool to produce statistics for arbitrary binary input.
byte-stats_V0_0_8.zip (https)
MD5: 2F6E672D821356EDBDA51A83662075E8
SHA256: 23A108A849FEB84002505463101D7DC47C52D12C80F812465B25996DBB34775C
This is a bug fix version for cut-bytes.py, my tool to select (cut) bytes from binary input.
cut-bytes_V0_0_13.zip (https)
MD5: E16C2B6358A2AA642BCC9CC9B033FAEC
SHA256: 2276257173FD1DF65338CFA53DDE5522ED8A7D7E94BCC302117F535F584F14CF