When I record maldoc analysis videos, I have already analyzed the maldoc prior to recording, and I rehearse the recording.
This time, I also recorded the unrehearsed analysis: when I take the first look at a maldoc I’ve not seen before.
All in this video:
This is an update to plugin plugin_vba_dco.py, improving generalization and adding option -p.
You can watch this maldoc analysis video to learn how to use the generalization feature of this plugin:
I did record 8 videos explaining the different commands of my dnsresolver.py tool.
This is a tool that can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing and also simple resolving.
I have a YouTube playlist with all 8 videos: dnsresolver playlist.
This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools.
isodump.py is in my Github beta repository.
The complete webinar is here, if you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here.
In this video, I show how to analyze a .doc malicious document using CyberChef only. This is possible, because the payload is a very long string that can be extracted without having to parse the structure of the .doc file with a tool like oledump.py.
I pasted the recipe on pastebin here.
I created a video where I use my updated numbers-to-string.py tool to analyze a maldoc created with FireEye’s red team tool.
When I had issues with my portapack, it took me some time to remark that these issues only happened with a particular USB cable.
The SDR would work fine, and then when I would try to record or playback, the screen would turn dark.
You can see this in the following video:
What is happening, is that this particular USB cable is electrically defective: the voltage drop is too large, due to the abnormally high resistance of the cable. The portapack doesn’t receive enough power, and starts to malfunction.
In the following 2 videos, I perform various tests with that defective cable:
Videos on my video blog (with some info on the devices I used):
In this video, I use GNU Radio Companion (without SDR) to illustrate the acoustic beat phenomenon.
I mention a 400Hz dial tone in this video, but this will vary by country.
Didier Stevens 