Didier Stevens

Saturday 10 September 2022

Maldoc Analysis Video – Rehearsed & Unrehearsed

Filed under: maldoc,Malware,My Software,video — Didier Stevens @ 21:41

When I record maldoc analysis videos, I have already analyzed the maldoc prior to recording, and I rehearse the recording.

This time, I also recorded the unrehearsed analysis: when I take the first look at a maldoc I’ve not seen before.

All in this video:

Sunday 4 September 2022

Update: oledump.py Version 0.0.70

Filed under: maldoc,My Software,Update,video — Didier Stevens @ 15:38

This is an update to plugin plugin_vba_dco.py, improving generalization and adding option -p.

You can watch this maldoc analysis video to learn how to use the generalization feature of this plugin:

oledump_V0_0_70.zip (http)
MD5: D6EC4FD6B7BE60E01A98922BC06A1E8F
SHA256: E9EE79501A08E896A601F1AFDDB6D3C05D9A2A1FD5899D44AC422DD79E4EF678

Thursday 19 August 2021

My YouTube Playlists

Filed under: video — Didier Stevens @ 0:00

I started to create YouTube playlists for my videos.

Wednesday 11 August 2021

dnsresolver.py: Videos For Each Command

Filed under: My Software,Networking,video — Didier Stevens @ 0:00

I recorded 8 videos explaining the different commands of my dnsresolver.py tool.

This is a tool that can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing and also simple resolving.

I have a YouTube playlist with all 8 videos: dnsresolver playlist.

Sunday 25 April 2021


Filed under: My Software,video — Didier Stevens @ 10:13

This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools.

isodump.py is in my Github beta repository.

The complete webinar is here. If you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here.

Tuesday 19 January 2021

Video: Maldoc Analysis With CyberChef

Filed under: maldoc,Malware,video — Didier Stevens @ 0:00

In this video, I show how to analyze a malicious .doc document using CyberChef only. This is possible because the payload is a very long string that can be extracted without having to parse the structure of the .doc file with a tool like oledump.py.

I pasted the recipe on pastebin here.
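Why working on the raw file is enough for a sample like this, as an added example that is not the recipe from the video or code from this blog: a Python sketch that pulls the longest printable runs out of a file's raw bytes without parsing its OLE structure. The function names, the 100-character threshold and the sample bytes are assumptions constructed for illustration, and it assumes the payload is stored contiguously as ASCII or UTF-16LE.

```python
import re


def long_strings(data: bytes, min_len: int = 100):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters in the raw bytes, longest first."""
    n = str(min_len).encode()
    patterns = {
        "ascii": re.compile(rb"[\x20-\x7e]{" + n + rb",}"),
        # Same characters stored as UTF-16LE: each byte followed by 0x00.
        "utf-16le": re.compile(rb"(?:[\x20-\x7e]\x00){" + n + rb",}"),
    }
    hits = []
    for encoding, pattern in patterns.items():
        for m in pattern.finditer(data):
            hits.append((m.start(), encoding, m.group().decode(encoding)))
    return sorted(hits, key=lambda h: len(h[2]), reverse=True)


def build_sample():
    """Constructed stand-in for a .doc file: OLE magic, binary filler, a short
    string, and one very long string (not a real payload)."""
    payload = "QUJD" * 400                      # constructed, 1600 characters
    magic = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE compound file signature
    filler = bytes(range(256)) * 2              # longest printable run: 95 bytes
    data = magic + filler + b"Normal.dotm\x00" + filler
    data += payload.encode("utf-16le") + filler
    return data, payload


if __name__ == "__main__":
    sample, _ = build_sample()
    for offset, encoding, text in long_strings(sample):
        print(f"offset={offset:#x} encoding={encoding} "
              f"length={len(text)} start={text[:32]!r}")
```

An ASCII-only scan would miss the constructed string here because it is stored as UTF-16LE, which is why both patterns are checked.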

Thursday 24 December 2020

Video: Using numbers-to-string.py To Analyze FireEye Maldocs

Filed under: My Software,video — Didier Stevens @ 0:00

I created a video where I use my updated numbers-to-string.py tool to analyze a maldoc created with FireEye’s red team tool.

Sunday 2 August 2020

Videos: Defective USB Cable

Filed under: Hardware,video — Didier Stevens @ 0:00

When I had issues with my portapack, it took me some time to notice that these issues only happened with a particular USB cable.

The SDR would work fine, and then when I would try to record or playback, the screen would turn dark.

You can see this in the following video:

What is happening is that this particular USB cable is electrically defective: the voltage drop is too large, due to the abnormally high resistance of the cable. The portapack doesn’t receive enough power, and starts to malfunction.

In the following 2 videos, I perform various tests with that defective cable:

Videos on my video blog (with some info on the devices I used):

Saturday 4 April 2020

Video: GNU Radio Companion: Acoustic Beats

Filed under: technology,video — Didier Stevens @ 13:39

In this video, I use GNU Radio Companion (without SDR) to illustrate the acoustic beat phenomenon.

I mention a 400Hz dial tone in this video, but this will vary by country.
