Update | Didier Stevens

Wednesday 23 November 2022

Update: what-is-new.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

This update of what-is-new-.py, my tool that reports what lines inside files are new (e.g., never seen before) has a new option: -a –action. It allows me to launch a command when something new is detected.

I use this for example to be alerted via TelegraM; More details in an upcoming blog post.

what-is-new_V0_0_2.zip (http)
MD5: 458B06FAF21F6BB150087196CCFEFAC2
SHA256: D020205346A778A4EE31B9C645F31BD4E14B465DC0B37BABD1DEEDFB6F347232

Leave a Comment

Thursday 10 November 2022

Update: pdf-parser.py Version 0.7.7

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a small update: you can now select which hash algorithm to use for option -H by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.

And the statistics options (-a) also display a list of objects with streams.

pdf-parser_V0_7_7.zip (http)
MD5: BCAE193F171184F979603DFB1380FF43
SHA256: 576C429FA88CF0A7A110DAB25851D90670C88EC4CD7728329E754E06D8D26A70

Comments (1)

Monday 24 October 2022

Update: byte-stats.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of byte-stats.py, my tool to generate statistics for (binary) data, comes with an update to report the longest:

printable string (ASCII bytes between 0x20 and 0x7E included)
hexadecimal string (ASCII hexadecimal digits, not checking if the length is an even number)
BASE64 strings (ASCII BASE64 digits without padding character =, not checking if the length is a multiple of 4)

byte-stats_V0_0_9.zip (http)
MD5: 9187073EB63DE78BDACA1A3AB096DD19
SHA256: 6BC1F8A6FDAA4E8484B6C86E38E214BCBF24AB20F80C92D8AEE3C5EA402D2F0C

Leave a Comment

Saturday 22 October 2022

Update: rtfdump.py Version 0.0.12

Filed under: My Software,Update — Didier Stevens @ 11:35

This version adds support for ZIP files encrypted with AES, via the pyzipper module.

rtfdump_V0_0_12.zip (http)
MD5: C3D4F69908A49265E3877D4338462534
SHA256: A40CC2744DE2D4C5956F5FD306357E7E105EC693B8BEA6E7E006C48EC78055BB

Comments (1)

Thursday 13 October 2022

Update: base64dump.py Version 0.0.24

Filed under: My Software,Update — Didier Stevens @ 19:02

This is a small update, to add extra statistical information for decoded items.

base64dump_V0_0_24.zip (http)
MD5: 47FDC47A9235CEF2DF95D1FC12BC166E
SHA256: FAF376E267CE6937BAB7544EA4AF9DD40499886992E7DA3855C16C73C02276B1

Comments (2)

Wednesday 28 September 2022

Update: rtfdump.py Version 0.0.11

Filed under: My Software,Update — Didier Stevens @ 21:40

This new version of rtfdump, my tool to analyze RTF files, brings json output for options -O and -F.

rtfdump_V0_0_11.zip (http)
MD5: AFC884082B251BF288B05203DD5D4F69
SHA256: CB3984924137897F75E62C3A835BB9197CBF1DDBD6BCFB3E18423999B06A36C8

Leave a Comment

Sunday 25 September 2022

Taking A Look At PNG Files with pngdump.py Beta Version 0.0.3

Filed under: Beta,My Software,Update — Didier Stevens @ 20:10

Here’s a new beta version of my tool pngdump.py, a tool to analyze PNG files.

I took a look at all files on MalwareBazaar with a PNG tag, and made updates to pngdump.py to handle them.

I found 3 types of “PNG” files.

First, files spoofing PNG files: files that are not PNG files, but have a .png extension.

Like .exe and .rar files:

Second, valid PNG files with an appended payload:

Third, invalid PNG files. For example, PNG files with the right record structure, but where the Zlib compressed image is replaced by an RC4 encrypted payload (IcedID):

I also have other samples, but that’s for another blog post.

Beta version 0.0.3 is available on GitHub.

Leave a Comment

Tuesday 20 September 2022

Update: My Python Templates Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This update adds the option –trim to template process-text-files.py.

python-templates_V0_0_8.zip (http)
MD5: 6C845823BB8AC4DB42993B994E93AF66
SHA256: 20EC1E6540DF31939686CA4B54C5312DF3724EB756B16BA724722C3196BDF93F

Comments (1)

Monday 19 September 2022

Update: strings.py Version 0.0.8

Filed under: My Software,Update — Didier Stevens @ 0:00

This version of my strings.py program adds option -N to select strings that end with a NUL character (C-strings).

strings_V0_0_8.zip (http)
MD5: 29015239E6385FFA63C2E33755C34CD9
SHA256: 449AC9AA39A464D7C5883DED3FE9CB21A2E8E700F7763AD4199C25D37DCBD296

Comments (3)

Thursday 15 September 2022

Update: virustotal-search.py Version 0.1.7

Filed under: My Software,Update — Didier Stevens @ 7:41

A new option was added to limit the amount of requests: -l (–limitrequests).

virustotal-search_V0_1_7.zip (http)
MD5: BB6E9D480F7BCF0FD3F0CB8EED1B49FE
SHA256: AEFEB5761A5BBEE998FA20A68213316522C7554796F47EB8C7EB2A5DF1D4E73D

Comments (1)

Didier Stevens

Wednesday 23 November 2022

Update: what-is-new.py Version 0.0.2

Thursday 10 November 2022

Update: pdf-parser.py Version 0.7.7

Monday 24 October 2022

Update: byte-stats.py Version 0.0.9

Saturday 22 October 2022

Update: rtfdump.py Version 0.0.12

Thursday 13 October 2022

Update: base64dump.py Version 0.0.24

Wednesday 28 September 2022

Update: rtfdump.py Version 0.0.11

Sunday 25 September 2022

Taking A Look At PNG Files with pngdump.py Beta Version 0.0.3

Tuesday 20 September 2022

Update: My Python Templates Version 0.0.8

Monday 19 September 2022

Update: strings.py Version 0.0.8

Thursday 15 September 2022

Update: virustotal-search.py Version 0.1.7

Pages

Top Posts

Categories

Blog Stats

Twitter @DidierStevens

Archives