In this update for cs-parse-traffic.py, my tool to decrypt & parse Cobalt Strike traffic, I added some error handling.
cs-parse-traffic_V0_0_5.zip (http)This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject to decode and display the password for plaintext passwords:
This new version of oledump.py brings a new plugin (plugin_metadata) and Python 3 fixes for 2 plugins (plugin_msi and plugin_ppt).
The new plugin is actually an old unpublished plugin, that I updated recently.
This plugin parses Office document metadata as defined in document [MS-OLEPS].
I started to write this in 2015 to parse the metadata of Word documents, but soon I figured out that this functionality was already present in olefile, and I introduced option -M to call this functionality.
But recently, I had to parse metadata that isn’t (yet) parsed by olefile, so I updated and released plugin_metadata.
oledump_V0_0_65.zip (http)This is a Python3 stdin fix for re-search.py, my tool to search with regular expressions.
re-search_V0_0_19.zip (http)This new version of 1768.py brings option -H to include file hashes, introduces shellcode type detection and has updated statistics.
This new version of cut-bytes.py adds access to the read data for Python expressions in prefix and suffix options.
cut-bytes_V0_0_14.zip (http)This new version of oledump brings option -u. This option is used to look for data past the end of the streams.
oledump_V0_0_64.zip (http)I included a new Cobalt Strike 4.5 private key in this released, shared with me by a user.
Further, ZIP files with AES encryption are supported. And a few other bug fixes
1768_v0_0_12b.zip (https)This is a bug fix update for oledump.py.
It fixes a bug that occurred when you calculated the hash of decompressed VBA code:
This new version of jpegdump.py adds option -E to display extra info for each segment.
This extra data is a hash of the segment’s data: md5, sha1, sha256.
Didier Stevens 