Didier Stevens

Saturday 23 January 2016

Update: base64dump.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 17:51

A quick update: extended –cut option (like in oledump) and added option -w to ignore whitespace.

base64dump_V0_0_4.zip (https)
MD5: 5864B1AF997EBA6E5F6DD0C3B8ADBE56
SHA256: 1B01023A97361A9DBBB16B9D8851FFD757F03FA3964C0ED72067F9117F283992

Saturday 2 January 2016

Update: shellcode2vba.py Version 0.4

Filed under: My Software,Shellcode,Update — Didier Stevens @ 13:33

shellcode2vba.py is a Python program to create VBA code to inject shellcode. This new version has 3 new options:

Option –nocreatethread allows you to instruct the program not to add the VBA code to create a new thread.

Option –writememory: from now on, the VBA code uses RtlMoveMemory in stead of WriteProcessMemory. To use WriteProcessMemory, use option –writememory process

Option –start allows you to specify the name of the start function (ExecuteShellCode by default).

shellcode2vba_v0_4.zip (https)
MD5: DA1580DEF5B5CFF08ACF5FA921AF0822
SHA256: BDC0A5EC3E918B3DA27C392E1B2F909B7BDAD319C43A4250689DD38C81FF876F

Monday 21 December 2015

Update: oledump.py Version 0.0.22

Filed under: maldoc,My Software,Update — Didier Stevens @ 16:27

Some changes when you use the –raw option. Now plugins can also be used when the VBA code is corrupted.

oledump_V0_0_22.zip (https)
MD5: CA91850BBC92E82D705F707704000F82
SHA256: 16763BCF15BFB3301FFAE0BDA26F18EE2946EDD7478994B798127DBBEF5FF9E7

Sunday 29 November 2015

Update: oledump.py Version 0.0.21

Filed under: My Software,Update — Didier Stevens @ 11:15

A small change in this new version: the second term of the cut-expression can also be a negative number now. A negative number allows you to cut bytes from the end of the file. Example: cut-expression :-0x100 select the whole stream except the last 256 bytes.

oledump_V0_0_21.zip (https)
MD5: F72CBB797CE8FB810ACE5E54DC832129
SHA256: 016C772575DF381C274F6408B242945DE35679904B7C8B1B693ABFB2B3C023FB

Saturday 28 November 2015

Update: virustotal-search.py Version 0.1.3

Filed under: My Software,Update — Didier Stevens @ 9:29

A small update: I added option -s (separator) so that you can choose your CSV separator.

virustotal-search_V0_1_3.zip (https)
MD5: 6D93F6CCE56AA74C830D66F9AE2E88C0
SHA256: 09D3BA6BCE1A69E8292AD0D44FB216FBCBF5686EA3C64DCD5FC877E91D4141F4

Sunday 22 November 2015

Update: emldump.py Version 0.0.5

Filed under: My Software,Update — Didier Stevens @ 0:00

A small change in this new version: the second term of the cut-expression can also be a negative number now. A negative number allows you to cut bytes from the end of the file. Example: cut-expression :-5 select the whole file except the last 5 bytes.

emldump_V0_0_5.zip (https)
MD5: 5FAEDF1459114306D57FEABEF3CDDEFD
SHA256: B3D08E1768E1211C44680DD502AC096A324FF209330657F4ABC0CD09B888254C

Saturday 21 November 2015

Update: nsrl.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

A small update to my nsrl.py program: the CSV output now includes the ApplicationType.

nsrl_V0_0_2.zip (https)
MD5: 816DD5BEF94D289F489399A95824083D
SHA256: 65C4AF8F139651942062EB78D820AD3BE5DBEE2C4331B3105BAE62B220CD4F44

Sunday 15 November 2015

Update: find-file-in-file.py Version 0.0.5

Filed under: My Software,Update — Didier Stevens @ 0:00

A very small change to find-file-in-file:

find-file-in-file.py contained containing
0x00000000 0x00000014 (50%) (End of containing file)
Remaining 20 (50%)

When the tool reaches the end of the containing file, a message is printed to signal this: (End of containing file)

And I also added option -r (regular): to handle a ZIP file as a regular file.

find-file-in-file_v0_0_5.zip (https)
MD5: 1463DBAB808BBE40AC7919BC9A77303D
SHA256: C269B1995B61F0EDE24E4E9C64D5DD64E79B5ED6DD2126E94AF52E15D90C427F

Saturday 14 November 2015

Update: cut-bytes.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 8:50

A small change in this new version: the second term of the cut-expression can also be a negative number now. A negative number allows you to cut bytes from the end of the file. Example: cut-expression :-5 select the whole file except the last 5 bytes.

 cut-bytes_V0_0_2.zip (https)
MD5: B70F851CE74859B38AC3ABA9688593EB
SHA256: 1A0BD64334DA90B21888020B383004A18C3BAEE211D24AA91FF12719F8581AE9

Friday 13 November 2015

Update: emldump.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 0:00

I’m adding the new -E option to my dump tools, this time it’s emldump’s turn. As announced with version 0.0.20 of oledump, option -E (extra) allows the user to specify which extra info needs to be displayed.

I’ve also made a video for oledump (the -E option is the same across my dump tools):

emldump_V0_0_4.zip (https)
MD5: 79DF66048849439E6034F082606A37A1
SHA256: B4AFDE89B6F3B025595A6FD1ACC5F60498BF900D18E624F134F618115DAC0E08

« Previous PageNext Page »

Blog at WordPress.com.