This new version of base64dump adds decoding of NetBIOS name encoding with lowercase letters.
base64dump_V0_0_21.zip (http)
MD5: 5701B6D9691E366ED5E2EE6D06689012
SHA256: BE939E0225C83319A31A096DA29C1CA9D3C575DCCE9C1795814B335BD0871E92
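As an added illustration of what the decoder has to do (this is not base64dump's own code): NetBIOS first-level encoding (RFC 1001, section 14.1) splits every byte into two nibbles and turns each nibble into a letter by adding it to 'A', so an encoded name consists only of the letters A..P. The lowercase variant is assumed here to be the same scheme with 'a' as the base, giving a..p. The sample blob and the scanner's 8-letter minimum run length are constructed for the example.

```python
# Added example, not base64dump's code: NetBIOS first-level name encoding
# (RFC 1001 sec. 14.1) with the lowercase variant assumed to use 'a' as the base.
import re

def netbios_encode(data: bytes, lowercase: bool = False) -> str:
    """Each byte becomes two letters: base + high nibble, base + low nibble."""
    base = ord("a") if lowercase else ord("A")
    return "".join(chr(base + (b >> 4)) + chr(base + (b & 0x0F)) for b in data)

def netbios_decode(text: str) -> bytes:
    """Decode an encoded name; the whole string must be A..P or a..p and of even length."""
    if len(text) == 0 or len(text) % 2:
        raise ValueError("encoded NetBIOS name must be non-empty and of even length")
    if re.fullmatch(r"[A-P]+", text):
        base = ord("A")
    elif re.fullmatch(r"[a-p]+", text):
        base = ord("a")
    else:
        raise ValueError("not NetBIOS-encoded: expected only letters A..P or a..p")
    nibbles = [ord(c) - base for c in text]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))

# Heuristic used by the scanner (an assumption for this example): a candidate is a
# run of at least 8 letters that are all A..P or all a..p.
ENCODED_NAME = re.compile(rb"[A-P]{8,}|[a-p]{8,}")

def find_netbios_names(blob: bytes) -> list:
    """Scan arbitrary data and return (offset, encoded, decoded) for each candidate."""
    found = []
    for m in ENCODED_NAME.finditer(blob):
        run = m.group().decode("ascii")
        if len(run) % 2:            # a nibble pair is two letters; drop a dangling letter
            run = run[:-1]
        found.append((m.start(), run, netbios_decode(run)))
    return found
```

A full NetBIOS name is 16 bytes (the name padded with spaces, the last byte being the suffix), so the well-known string FHEPFCELEHFCEPFFFACACACACACACACA decodes to "WORKGROUP" followed by seven spaces; the lowercase form decodes to the same bytes.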
This new version of oledump.py brings support for user-defined properties and an update to plugin plugin_msg_summary.py.
Office documents with VSTO applications have user-defined properties. These properties can be extracted with my plugin plugin_metadata.py, but not with the current version of olefile.
However, the development version of olefile can extract these properties. This new version of oledump checks whether the olefile module has a function to extract user-defined properties (get_userdefined_properties) and, if it does, calls it when analyzing metadata.


I added URL extraction to my plugin plugin_msg_summary, a plugin that summarizes the content of an .msg file (Outlook email).

This is just a bugfix version.
zipdump_v0_0_22.zip (http)
In this update for cs-parse-traffic.py, my tool to decrypt and parse Cobalt Strike traffic, I added some error handling.
cs-parse-traffic_V0_0_5.zip (http)
This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject, which now decodes and displays the password when the VBA project stores it in plaintext.



Someone asked me what the byte sequence is for an infinite loop in x86 machine code (it’s something you could use while debugging, for example).
That byte sequence is just 2 bytes long: EB FE.
It’s something you can check with nasm, for example.
File jump-infinite-loop.asm:
BITS 32
loop1:
jmp loop1
loop2:
jmp short loop2
jmp $
jmp short $
jmp short -2
nasm jump-infinite-loop.asm -l jump-infinite-loop.lst
File jump-infinite-loop.lst:
1 BITS 32
2
3 loop1:
4 00000000 EBFE jmp loop1
5 loop2:
6 00000002 EBFE jmp short loop2
7 00000004 EBFE jmp $
8 00000006 EBFE jmp short $
9 00000008 EB(FE) jmp short -2
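The listing shows why every form assembles to the same two bytes: a short jump is opcode EB followed by a signed 8-bit displacement measured from the end of the 2-byte instruction, so a jump to its own address needs a displacement of -2, which is FE. The following added example (not part of the original post) encodes and decodes short jumps with that rule, including the range check nasm would perform, and scans a byte buffer for EB FE pairs, which is handy when you want to find a debugging loop left in shellcode. The buffers in the test are constructed.

```python
# Added example, not from the original post: x86 'jmp short' (EB rel8) encoding.
import struct

JMP_SHORT = 0xEB

def encode_short_jmp(address: int, target: int) -> bytes:
    """Assemble 'jmp short target' placed at 'address'; rel8 is relative to address + 2."""
    rel = target - (address + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"displacement {rel} is outside the rel8 range -128..127")
    return bytes([JMP_SHORT]) + struct.pack("<b", rel)

def decode_short_jmp(code: bytes, address: int = 0) -> int:
    """Return the target of the 'jmp short' at the start of 'code', assembled at 'address'."""
    if len(code) < 2 or code[0] != JMP_SHORT:
        raise ValueError("not a jmp short (EB rel8) instruction")
    rel = struct.unpack_from("<b", code, 1)[0]
    return address + 2 + rel

def find_self_jumps(code: bytes) -> list:
    """Offsets of every EB FE pair in a buffer (an infinite loop, e.g. left in for debugging)."""
    offsets, start = [], 0
    while True:
        i = code.find(b"\xeb\xfe", start)
        if i < 0:
            return offsets
        offsets.append(i)
        start = i + 1
```

Because the displacement is relative, EB FE loops forever regardless of where it is loaded, which is what makes it usable as a position-independent breakpoint substitute.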
This new version of oledump.py brings a new plugin (plugin_metadata) and Python 3 fixes for 2 plugins (plugin_msi and plugin_ppt).
The new plugin is actually an old unpublished plugin that I updated recently.
This plugin parses Office document metadata as defined in document [MS-OLEPS].
I started writing this in 2015 to parse the metadata of Word documents, but soon figured out that this functionality was already present in olefile, and I introduced option -M to call it.
But recently, I had to parse metadata that isn’t (yet) parsed by olefile, so I updated and released plugin_metadata.
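To show what parsing [MS-OLEPS] involves, here is an added example that is neither plugin_metadata's nor olefile's code: a minimal parser for a PropertySetStream covering the parts needed for user-defined properties, namely the stream header with its FMTID/offset table, each property set's identifier/offset table, the code page property (id 1), the dictionary (id 0) that maps ids to names, and the value types VT_I2, VT_I4, VT_BOOL, VT_LPSTR and VT_FILETIME. The sample stream is constructed by build_sample_stream(); the FMTID D5CDD505-2E9C-101B-9397-08002B2CF9AE identifies the user-defined property set, which in a real document is the second property set of the \x05DocumentSummaryInformation stream.

```python
# Added example (not plugin_metadata's or olefile's code): minimal [MS-OLEPS] parser.
import datetime
import struct
import uuid

VT_I2, VT_I4, VT_BOOL, VT_LPSTR, VT_FILETIME = 0x02, 0x03, 0x0B, 0x1E, 0x40
FMTID_USERDEFINED = uuid.UUID("D5CDD505-2E9C-101B-9397-08002B2CF9AE")

def _read_value(buf, off, codepage):
    """TypedPropertyValue: 2-byte type, 2-byte padding, then the value."""
    vtype, = struct.unpack_from("<H", buf, off)
    off += 4
    if vtype == VT_I2:
        return struct.unpack_from("<h", buf, off)[0]
    if vtype == VT_I4:
        return struct.unpack_from("<i", buf, off)[0]
    if vtype == VT_BOOL:
        return struct.unpack_from("<h", buf, off)[0] != 0
    if vtype == VT_LPSTR:                # CodePageString: 4-byte size + NUL-terminated bytes
        size, = struct.unpack_from("<I", buf, off)
        return buf[off + 4:off + 4 + size].split(b"\x00", 1)[0].decode(codepage, "replace")
    if vtype == VT_FILETIME:             # 100 ns ticks since 1601-01-01
        ticks, = struct.unpack_from("<Q", buf, off)
        return datetime.datetime(1601, 1, 1) + datetime.timedelta(microseconds=ticks // 10)
    return ("unsupported VT type", vtype)

def _read_dictionary(buf, off, codepage):
    """Dictionary (property id 0): property id -> name of each user-defined property."""
    count, = struct.unpack_from("<I", buf, off)
    off += 4
    names = {}
    for _ in range(count):
        pid, length = struct.unpack_from("<II", buf, off)
        off += 8
        if codepage == "utf-16-le":     # Length counts 16-bit chars, each entry padded to 4
            nbytes = 2 * length
            raw, off = buf[off:off + nbytes], off + nbytes + (-nbytes % 4)
        else:                           # Length counts bytes, no per-entry padding
            raw, off = buf[off:off + length], off + length
        names[pid] = raw.decode(codepage, "replace").split("\x00", 1)[0]
    return names

def _parse_property_set(data, base):
    size, count = struct.unpack_from("<II", data, base)
    pset = data[base:base + size]       # property offsets are relative to the set start
    offsets = dict(struct.unpack_from("<II", pset, 8 + 8 * i) for i in range(count))
    codepage = "cp1252"
    if 1 in offsets:                    # property 1 holds the code page (VT_I2)
        cp = _read_value(pset, offsets[1], codepage)
        codepage = "utf-16-le" if cp == 1200 else f"cp{cp}"
    names = _read_dictionary(pset, offsets[0], codepage) if 0 in offsets else {}
    return {names.get(pid, pid): _read_value(pset, off, codepage)
            for pid, off in offsets.items() if pid not in (0, 1)}

def parse_property_set_stream(data):
    """Return one {'fmtid': UUID, 'properties': {...}} per property set in the stream."""
    byte_order, _version, _sysid = struct.unpack_from("<HHI", data, 0)
    if byte_order != 0xFFFE:
        raise ValueError("bad ByteOrder field, not an OLEPS stream")
    count, = struct.unpack_from("<I", data, 24)          # follows the 16-byte CLSID
    sets = []
    for i in range(count):
        fmtid = uuid.UUID(bytes_le=bytes(data[28 + 20 * i:44 + 20 * i]))
        offset, = struct.unpack_from("<I", data, 44 + 20 * i)
        sets.append({"fmtid": fmtid, "properties": _parse_property_set(data, offset)})
    return sets

def _typed(vtype, payload):
    return struct.pack("<HH", vtype, 0) + payload

def build_sample_stream():
    """Constructed sample: one user-defined property set with three named properties."""
    dictionary = struct.pack("<I", 3)
    for pid, name in ((2, "Department"), (3, "ReviewCount"), (4, "Approved")):
        raw = name.encode("cp1252") + b"\x00"
        dictionary += struct.pack("<II", pid, len(raw)) + raw
    dictionary += b"\x00" * (-len(dictionary) % 4)
    text = b"Finance\x00"
    values = [(1, _typed(VT_I2, struct.pack("<hxx", 1252))),
              (0, dictionary),                                  # no type header
              (2, _typed(VT_LPSTR, struct.pack("<I", len(text)) + text)),
              (3, _typed(VT_I4, struct.pack("<i", 7))),
              (4, _typed(VT_BOOL, struct.pack("<hxx", -1)))]    # VARIANT_TRUE
    table_end = 8 + 8 * len(values)
    table, body = b"", b""
    for pid, blob in values:
        table += struct.pack("<II", pid, table_end + len(body))
        body += blob
    pset = struct.pack("<II", table_end + len(body), len(values)) + table + body
    header = struct.pack("<HHI", 0xFFFE, 0, 0x00020006) + bytes(16) + struct.pack("<I", 1)
    return header + FMTID_USERDEFINED.bytes_le + struct.pack("<I", 48) + pset
```

To run this against a real document, read the \x05DocumentSummaryInformation stream with olefile's openstream() and pass its bytes to parse_property_set_stream(); the f"cp{n}" codec naming assumed here covers the Windows ANSI code pages but not every value the code page property can take.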
oledump_V0_0_65.zip (http)
This is a Python 3 stdin fix for re-search.py, my tool to search with regular expressions.
re-search_V0_0_19.zip (http)
Here is a new tool I'm releasing as beta: pngdump.py.
It's a tool to analyze PNG files. Unlike jpegdump, you cannot yet select items for further analysis.
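The core of analyzing a PNG is walking its chunks, so here is an added example of that, which is not pngdump's code: it lists every chunk with its offset, type and length, verifies each chunk's CRC-32 (computed over type and data, as the PNG specification requires) and reports how many bytes follow the IEND chunk, a place where analysts regularly find appended payloads. The 1x1 grayscale image it parses is constructed inline so the example runs offline.

```python
# Added example, not pngdump's code: PNG chunk walker with CRC and trailing-data checks.
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Length (big-endian), type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_sample_png(trailer: bytes = b"") -> bytes:
    """Constructed sample: 1x1 8-bit grayscale image, optionally with bytes after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")        # filter byte 0 followed by one pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b"") + trailer)

def parse_png(data: bytes) -> dict:
    """Return the chunk list (with CRC results) and the number of bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(data):             # 4 length + 4 type + 4 CRC at minimum
        length, = struct.unpack_from(">I", data, pos)
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        crc_stored, = struct.unpack_from(">I", data, pos + 8 + length)
        crc_ok = crc_stored == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append({"offset": pos, "type": ctype.decode("latin-1"),
                       "length": length, "crc_ok": crc_ok})
        pos += 12 + length
        if ctype == b"IEND":                 # everything after IEND is not part of the image
            break
    return {"chunks": chunks, "trailing_bytes": len(data) - pos}
```

A CRC mismatch on a chunk that viewers still render (they generally ignore CRC errors in ancillary chunks) is a useful hint that the chunk was edited after the fact; non-zero trailing_bytes is the first thing to carve out and inspect.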
