This new version of xor-kpa adds the option -x to encode/decode, and also prints the hexadecimal value of the found keys.
Sunday 27 November 2016
Sunday 20 November 2016
A small update to zipdump: this version displays the ZIP comment (if present) and also counts unique bytes, i.e. the number of different byte values found in the data.
Saturday 19 November 2016
A small update to byte-stats: this version also counts unique bytes, i.e. the number of different byte values found in the data.
Friday 18 November 2016
shellcode2vba.py is a Python program to create VBA code to inject shellcode. This new version has one new option:
Option --suffix allows you to instruct the program to add a suffix to the VBA function names.
Sunday 23 October 2016
This new version of virustotal-search.py accepts input from stdin.
Saturday 22 October 2016
I added dumps to this new version of cut-bytes.py:
Monday 17 October 2016
This new version has a couple of new options (--decoderdir and --plugindir) and a bugfix.
Monday 19 September 2016
I needed to decompress the content of a Flash file (.swf). I thought of using my translate.py program with a command to inflate (zlib) the content (minus the header of 8 bytes): lambda b: zlib.decompress(b[8:])
Quite simple, but the problem is that translate.py doesn’t import zlib. I have to import it myself, and an import statement can’t be placed inside a lambda function. So I added option -e (execute) to execute extra statements:
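To make the decompression step concrete, here is an added example (my own code, not translate.py's) that constructs a compressed SWF in memory and inflates it the way the lambda does, but with the header checks the one-liner skips. The header layout assumed here (3-byte signature, 1-byte version, 4-byte little-endian uncompressed file length, all stored before the zlib stream) is the SWF file format's; the sample body bytes are constructed and meaningless.

```python
import struct
import zlib

# SWF header: 3-byte signature ("FWS" plain, "CWS" zlib), 1-byte version,
# UI32 little-endian length of the *uncompressed* file, header included.
# The 8 bytes are never compressed, hence zlib.decompress(b[8:]) in the lambda.
SWF_HEADER = struct.Struct("<3sBI")


def build_cws(body: bytes, version: int = 10) -> bytes:
    """Wrap an arbitrary body in a constructed CWS file (sample data only)."""
    total_len = SWF_HEADER.size + len(body)  # FileLength counts the header too
    return SWF_HEADER.pack(b"CWS", version, total_len) + zlib.compress(body)


def inflate_swf(data: bytes) -> bytes:
    """Return the SWF body after the 8-byte header, inflated if needed.

    Same result as lambda b: zlib.decompress(b[8:]) for a CWS file, but a
    truncated, mislabelled or non-zlib file fails loudly instead of silently.
    """
    if len(data) < SWF_HEADER.size:
        raise ValueError("too short to be a SWF file")
    signature, _version, declared_len = SWF_HEADER.unpack_from(data)
    if signature == b"FWS":        # already uncompressed: nothing to inflate
        body = data[SWF_HEADER.size:]
    elif signature == b"CWS":      # zlib stream starts right after the header
        body = zlib.decompress(data[SWF_HEADER.size:])
    else:                          # "ZWS" (LZMA) and anything else is out of scope here
        raise ValueError("unsupported SWF signature %r" % signature)
    if SWF_HEADER.size + len(body) != declared_len:
        raise ValueError("header declares %d bytes, got %d"
                         % (declared_len, SWF_HEADER.size + len(body)))
    return body


if __name__ == "__main__":
    sample = build_cws(b"\x78\x00\x05\x5f\x00\x00\x0f\xa0" * 20)  # constructed body
    print(len(sample), "bytes compressed ->", len(inflate_swf(sample)), "bytes inflated")
```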
Tuesday 2 August 2016
I made a small update to rtfdump and added new rules to rtf.yara.
This video is an intro to rtfdump:
This is a video on an RTF maldoc (MD5 07884483f95ae891845caf0d50ce507f) that contains an exploit for MS12-027 CVE-2012-0158:
This is a video on an RTF maldoc (MD5 4483ad299158eb54f6ff58b5346a36ee) that contains an exploit for MS10-087 CVE-2010-3333:
Sunday 31 July 2016
This is a small update for re-search.py to properly handle binary files.