Contact DMCA Privacy

Robuta

https://blog.didierstevens.com/2021/01/28/update-xorselection-1sc-version-6-0/ Update: XORSelection.1sc Version 6.0 | Didier Stevens I released an update to my 010 Editor script XORSelection.1sc. 010 is a binary editor with a scripting engine. XORSelection.1sc is a script I wrote years ago,... didier stevensupdateversion https://blog.didierstevens.com/2018/01/01/new-tool-what-is-new/ New Tool: What Is New? | Didier Stevens new tooldidier stevens https://blog.didierstevens.com/2020/07/19/update-oledump-py-version-0-0-51/ Update: oledump.py Version 0.0.51 | Didier Stevens update oledump pyversion https://blog.didierstevens.com/2020/05/22/update-oledump-py-version-0-0-50/ Update: oledump.py Version 0.0.50 | Didier Stevens This new version brings updates to plugin plugin_biff.py. This plugin can now produce a CSV list of cell values and formulas (option -c) or a JSON file of... update oledump pyversion https://blog.didierstevens.com/2018/05/06/update-oledump-py-version-0-0-34/ Update: oledump.py Version 0.0.34 | Didier Stevens update oledump pyversion https://blog.didierstevens.com/2009/06/01/quickpost-sending-wifi-beacon-frames-with-an-airpcap-adapter/ Quickpost: Sending WiFi Beacon Frames with an AirPcap Adapter | Didier Stevens While preparing for my OSWP exam, I came across an unpublished Python program for the AirPcap adapter. I cleaned-it up a bit and here it is: apc-b This program... wifi beaconquickpostsending https://blog.didierstevens.com/2016/05/29/update-pecheck-py-version-0-5-1/ Update: pecheck.py Version 0.5.1 | Didier Stevens This version offers more info about the overlay: pecheck-v0_5_1.zip (https) MD5: F045A67AC1ECCF129030DFCE316383A9 SHA256:... update pecheck pyversion https://blog.didierstevens.com/2007/12/03/looking-for-n800-beta-testers-no-voyeurs-please/ Looking for N800 Beta Testers, No Voyeurs Please ;-) | Didier Stevens beta testersdidier stevens https://blog.didierstevens.com/2006/09/11/malicious-cryptography/ Malicious Cryptography | Didier Stevens Aditya Kapoor blogged on the McAfee Avert Labs Blog about a trojan using EFS to protect itself. To understand more of this, I did some tests during the... didier stevensmalicious https://blog.didierstevens.com/2018/06/12/update-pecheck-py-version-0-7-3/ Update: pecheck.py Version 0.7.3 | Didier Stevens update pecheck pyversion https://blog.didierstevens.com/2017/07/04/update-pecheck-py-version-0-7-0/ Update: pecheck.py Version 0.7.0 | Didier Stevens This new version of pecvheck.py adds an overview of sections. More details here. pecheck-v0_7_0.zip (https) MD5: 7BE550EC71BF99FC31704C2DD4ED3C8A SHA256:... update pecheck pyversion https://blog.didierstevens.com/2017/11/06/update-oledump-py-version-0-0-30/ Update: oledump.py Version 0.0.30 | Didier Stevens This new version of oledump.py detects and analyses orphaned streams. More info on orphaned streams can be found in this blogpost. oledump_V0_0_30.zip (https)... update oledump pyversion https://blog.didierstevens.com/2013/12/30/ultraedit-scripts/ UltraEdit Scripts | Didier Stevens didier stevensultraedit https://blog.didierstevens.com/2015/05/11/detecting-network-traffic-from-metasploits-meterpreter-reverse-http-module/ Detecting Network Traffic from Metasploit’s Meterpreter Reverse HTTP Module | Didier Stevens network trafficdetectinghttp https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/ pecheck.py Version 0.7.10 | Didier Stevens In this new version of pecheck.py, a tool to analyze PE files, overlay offset calculations are improved when a digital signature is present, and the output has... pecheck py versiondidier https://blog.didierstevens.com/2025/11/29/quickpost-cr1225-vs-cr1220/ Quickpost: CR1225 vs CR1220 | Didier Stevens I had to replace a button cell, a CR1225, but I only had a CR1220. So I just used that CR1220 in stead. This works, because a CR1220 and CR1225 differ in... didier stevensquickpostvs https://blog.didierstevens.com/2023/08/29/quickpost-analysis-of-pdf-activemime-polyglot-maldocs/ Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs | Didier Stevens didier stevensquickpostpdf https://blog.didierstevens.com/programs/ollystepnsearch/ OllyStepNSearch | Didier Stevens OllyStepNSearch v0.6.1 plugin 2006 Didier Stevens This plugin allows you to search for a given text when automatically stepping through the debugged program.... didier stevens https://blog.didierstevens.com/2018/10/25/analyzing-powerpoint-maldocs-with-oledump-plugin-plugin_ppt/ Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt | Didier Stevens didier stevensanalyzingplugin Sponsored https://chaturbate.com/ Chaturbate: Free Adult Webcams, Live Sex, Free Sex Chat, Exhibitionist and Pornstar Free Cams https://blog.didierstevens.com/2019/09/30/update-of-my-pdf-tools/ Update Of My PDF Tools | Didier Stevens This is an update of my PDF tools. There are a couple of bug fixes for pdf-parser and pdfid. And 2 new features in pdf-parser, inspired by a private training... tools didier stevensupdatepdf https://blog.didierstevens.com/programs/oledump-py/ oledump.py | Didier Stevens Here is a set of free YouTube videos showing how to use my tools: Workshop Malicious Documents. oledump.py is a program to analyze OLE files (Compound File... py didier stevensoledump https://blog.didierstevens.com/2018/05/08/update-base64dump-py-version-0-0-9/ Update: base64dump.py Version 0.0.9 | Didier Stevens py versiondidier stevens Sponsored https://joi.com/ NSFW Character AI Chat – AI Girlfriend Chat Without Limits | JOI Spicy Explore AI chat models on JOI AI with virtual characters and digital celebrities. Chat, interact, and customize AI companions for immersive experiences. https://blog.didierstevens.com/2018/02/19/update-oledump-py-version-0-0-33/ Update: oledump.py Version 0.0.33 | Didier Stevens This new version of oledump can output the content of all streams in JSON format, and has a new plugin for MSI files: plugin_msi.py. oledump_V0_0_33.zip... update oledump pyversion https://blog.didierstevens.com/2017/12/11/new-tool-hash-py/ New Tool: hash.py | Didier Stevens py didier stevensnew toolhash https://blog.didierstevens.com/2023/01/22/new-tool-onedump-py/ New Tool: onedump.py | Didier Stevens This is a new tool (based on my Python template for binary files) to analyze OneNote files. This version is limited to handling embedded files (for the... py didier stevensnew tool https://blog.didierstevens.com/2020/12/19/update-strings-py-version-0-0-6/ Update: strings.py Version 0.0.6 | Didier Stevens This new update to strings.py, my tool to extract strings, brings statistics with a new option: -a. This option can be used together with other filtering... py versiondidier stevens https://blog.didierstevens.com/2013/12/23/update-prefetch-file-010-template/ Update: Prefetch File 010 Template | Didier Stevens This update to my Prefetch File 010 Template adds Sections A through D. PFTemplate_V0_0_2.zip (https) MD5: 56A98A78BD4E8D1AED88385AF1DD8446 SHA256:... didier stevensupdateprefetch https://blog.didierstevens.com/2015/08/13/update-pdf-parser-0-6-4/ Update: pdf-parser Version 0.6.4 | Didier Stevens In this new version of pdf-parser, option -H will now also calculate the MD5 hashes of the unfiltered and filtered stream of selected objects, and also dump... update pdf parserversion Sponsored https://darlink.ai/ DarLink AI: Free AI Girlfriend Generator | Chat, Photos & Video Create your ideal AI Girlfriend with DarLink AI. Customize her look and personality, chat naturally, and enjoy personalized photos, videos, and voice for a... https://blog.didierstevens.com/2010/09/13/runinsidelimitedjob/ RunInsideLimitedJob | Didier Stevens didier stevens https://blog.didierstevens.com/2022/05/26/update-pecheck-py-version-0-7-15/ Update: pecheck.py Version 0.7.15 | Didier Stevens This new version of pecheck.py, my tool to analyze PE files, brings some extra information on overlays: pecheck-v0_7_15.zip (http)MD5:... update pecheck pyversion https://blog.didierstevens.com/2019/02/28/update-pdf-parser-py-version-0-7-0/ Update: pdf-parser.py Version 0.7.0 | Didier Stevens This new version of pdf-parser brings support for analysis of stream objects (/ObjStm). Use new option -O to enable this mode. Stream objects (/ObjStm) are... update pdf parserpy version https://blog.didierstevens.com/2011/04/06/lockifnothot/ LockIfNotHot | Didier Stevens When Phidget came out with this new IR temperature sensor, a lightbulb went off. This sensor measures temperature without contact. Point it to the chair in... didier stevens https://blog.didierstevens.com/2018/06/22/update-jpegdump-py-version-0-0-6/ Update: jpegdump.py Version 0.0.6 | Didier Stevens A small update to indicate a file was decompressed: jpegdump_V0_0_6.zip (https) MD5: 14FFB9016A9181DB3A59370B2E0DAFF2 SHA256:... jpegdump pydidier stevens Sponsored https://www.instabang.com/ Instabang OFFICIAL - Free Adult Dating & Personals. Find an insta bang! https://blog.didierstevens.com/2008/06/ June | 2008 | Didier Stevens 7 posts published by Didier Stevens during June 2008 didier stevensjune https://blog.didierstevens.com/2016/03/29/decoding-vbe/ Decoding VBE | Didier Stevens I wrote a Python program to decode encoded VBS scripts (VBE). decode-vbe_V0_0_1.zip (https) MD5: 87E61217BC77275DBACEA77B8EDF12B5 SHA256:... didier stevensdecodingvbe https://blog.didierstevens.com/2009/07/22/the-ultimate-disaster-recovery-plan/ The Ultimate Disaster Recovery Plan | Didier Stevens disaster recovery plandidier https://blog.didierstevens.com/2010/08/08/quickpost-2-lnk-tools/ Quickpost: 2 .LNK Tools | Didier Stevens tools didier stevensquickpost https://blog.didierstevens.com/2021/05/25/update-base64dump-py-version-0-0-14/ Update: base64dump.py Version 0.0.14 | Didier Stevens This new version of base64dump.py supports a new encoding: NETBIOS Name encoding. NETBIOS Name encoding is very similar to hexadecimal encoding: in stead of... py versiondidier stevens https://blog.didierstevens.com/2009/03/31/pdfid/ PDFiD | Didier Stevens didier stevenspdfid https://blog.didierstevens.com/programs/filescanner/ FileScanner | Didier Stevens FileScanner is a command-line Windows program that I use to scan disks, folders and files. It provides information about files and, when present, their... didier stevensfilescanner Sponsored https://www.blackedraw.com/ BLACKED RAW: Unfiltered Encounters with Powerful Men in 4K https://blog.didierstevens.com/2012/07/19/userassist-windows-2000-thru-windows-8/ UserAssist Windows 2000 Thru Windows 8 | Didier Stevens I finally took the time to merge UserAssist version 2.4.3 and UserAssist version 2.5.0 (Windows 7) into UserAssist version 2.6.0. Thus version 2.6.0 supports... didier stevensuserassistthru https://blog.didierstevens.com/2019/03/25/update-pecheck-py-version-0-7-6/ Update: pecheck.py Version 0.7.6 | Didier Stevens update pecheck pyversion https://blog.didierstevens.com/ Didier Stevens | (blog 'DidierStevens) (blog 'DidierStevens) didier stevensblog Sponsored https://www.liveprivates.com/ Free Live Sex Shows on LivePrivates.com Free Live Sex Shows on Real Sex Webcams. Enjoy the freedom of exciting, one-on-one and anonymous live cam sex chat. Absolute privacy guaranteed. https://blog.didierstevens.com/2015/04/16/pdf-parser-a-method-to-manipulate-pdfs-part-1/ pdf-parser: A Method To Manipulate PDFs Part 1 | Didier Stevens I provide 2 days of Hacking PDF training at HITB Amsterdam. This is one of the methods I teach. Sometimes when I analyze PDF documents (benign or malicious), I... pdf parsermethodmanipulate https://blog.didierstevens.com/2017/12/19/new-tool-format-bytes-py/ New Tool: format-bytes.py | Didier Stevens I regularly copy bytes from my command-line tool over to 010 Editor to have this data represented by the Inspector using different formats, like this:... format bytes pynew tooldidier https://blog.didierstevens.com/2009/04/21/pdfid-on-virustotal/ PDFiD On VirusTotal | Didier Stevens didier stevenspdfidvirustotal https://blog.didierstevens.com/2016/08/29/update-rtfdump-version-0-0-4/ Update: rtfdump Version 0.0.4 | Didier Stevens didier stevensupdateversion https://blog.didierstevens.com/2014/09/03/introducing-filescanner-exe/ Introducing Filescanner.exe | Didier Stevens Filescanner is a tool I started to develop almost 2 years ago. Back then, I needed a stand-alone, single executable tool that would allow me to search for... exe didier stevensintroducing https://blog.didierstevens.com/2009/05/14/malformed-pdf-documents/ Malformed PDF Documents | Didier Stevens pdf documents didiermalformed https://blog.didierstevens.com/2009/03/02/quickpost-jbig2decode-essentials/ Quickpost: /JBIG2Decode Essentials | Didier Stevens didier stevensquickpost https://blog.didierstevens.com/2015/02/02/airpcap-channel-hopping-with-python/ AirPcap Channel Hopping With Python | Didier Stevens channel hoppingdidier stevens https://blog.didierstevens.com/category/update/ Update | Didier Stevens Posts about Update written by Didier Stevens update didier stevens https://blog.didierstevens.com/2010/03/01/quickpost-networkmashup-xls/ Quickpost: NetworkMashup.xls | Didier Stevens NetworkMashup.xls is a spreadsheet with VBA macros I scraped from the Internet to execute pings and name/address resolution from within Excel with WIN32 API... xls didier stevensquickpost https://blog.didierstevens.com/2018/01/29/new-tool-jpegdump-py/ New Tool: jpegdump.py | Didier Stevens py didier stevensnew tool https://blog.didierstevens.com/2012/05/01/update-taskmanager-xls-v0-1-3-killer-shellcode/ Update: TaskManager.xls V0.1.3 Killer Shellcode | Didier Stevens shellcode didier stevensxls https://blog.didierstevens.com/programs/xorsearch/ XORSearch & XORStrings | Didier Stevens XORSearch XORSearch is a program to search for a given string in an XOR, ROL, ROT or SHIFT encoded binary file. An XOR encoded binary file is a file where some... didier stevensamp https://blog.didierstevens.com/2016/09/19/update-translate-py-version-2-3-1/ Update: translate.py Version 2.3.1 | Didier Stevens I needed to decompress the content of a Flash file (.swf). I thought of using my translate.py program with a command to inflate (zlib) the content (minus the... update translate pyversion https://blog.didierstevens.com/2017/04/20/malicious-documents-the-matryoshka-edition/ Malicious Documents: The Matryoshka Edition | Didier Stevens didier stevensmalicious Sponsored https://www.fanvue.com/sofia_storme Sofia Storme - Fanvue Hey, newest on here. Just landing on here and I'm already so excited. I can't wait to show you everything I've been hiding... https://blog.didierstevens.com/2022/06/20/another-exercise-in-encoding-reversing/ Another Exercise In Encoding Reversing | Didier Stevens I also recorded a video for this blog post. In this blog post, I will show how to decode a payload encoded in a variation of hexadecimal encoding, by... didier stevensanotherexercise https://blog.didierstevens.com/2010/08/18/quickpost-2/ Quickpost: .LNK Template Update | Didier Stevens I updated my .LNK template with info I got from comments from WndSks and Forrest Gump. This new version identifies well-known Shell GUIDs: Quickpost info update didier stevenslnk https://blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/ Embedding and Hiding Files in PDF Documents | Didier Stevens My corrupted PDF quip inspired me to program another steganography trick: embed a file in a PDF document and corrupt the reference, thereby effectively making... pdf documents didierembedding https://blog.didierstevens.com/2019/06/10/update-sets-py-version-0-0-3/ Update: sets.py Version 0.0.3 | Didier Stevens sets.py is a program to perform set operations. In this new version, I added operations unique, product, substitute and sort. And I added options -s and -i.... update setspy versiondidier https://blog.didierstevens.com/2011/10/27/using-dllcharacteristics-force_integrity-flag/ Using DLLCHARACTERISTICS’ FORCE_INTEGRITY Flag | Didier Stevens didier stevensusingforceflag https://blog.didierstevens.com/2019/11/09/update-format-bytes-py-version-0-0-10/ Update: format-bytes.py Version 0.0.10 | Didier Stevens This new version of format-bytes.py, a tool to parse binary data, comes with support for bit streams. This can help, for example, with decoding steganographic... format bytes pydidier stevens https://blog.didierstevens.com/2018/12/19/updateoledump-py-version-0-0-40/ Update:oledump.py Version 0.0.40 | Didier Stevens update oledump pyversion https://blog.didierstevens.com/programs/userassist/ UserAssist | Didier Stevens The UserAssist utility displays a table of programs executed on a Windows machine, complete with running count and last execution date and time. Windows... didier stevensuserassist https://blog.didierstevens.com/2010/02/04/cmd-dll/ cmd.dll | Didier Stevens didier stevenscmddll https://blog.didierstevens.com/2018/01/30/update-translate-py-version-2-5-2/ Update: translate.py Version 2.5.2 | Didier Stevens Yesterday I had to analyze a malicious document, carrying embedded PowerShell scripts with Gzip compression. I use translate.py to do the Gzib decompression as... update translate pyversion https://blog.didierstevens.com/2022/07/24/update-re-search-py-version-0-0-21/ Update: re-search.py Version 0.0.21 | Didier Stevens This new version of re-search.py adds a regex for UNCs to the library and has a Python 3 fix. re-search_V0_0_21.zip (http)MD5:... py versiondidier stevens https://didierstevens.com/ Didier Stevens didier stevens https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/ Quickpost: About the Physical and Logical Structure of PDF Files | Didier Stevens pdf filesquickpostphysical https://blog.didierstevens.com/2015/08/28/test-file-pdf-with-embedded-doc-dropping-eicar/ Test File: PDF With Embedded DOC Dropping EICAR | Didier Stevens Over at the SANS ISC diary I wrote a diary entry on the analysis of a PDF file that contains a malicious DOC file. For testing purposes, I created a PDF file... file pdfdidier stevenstestdoc https://blog.didierstevens.com/2015/12/22/mime-file-with-header/ MIME File With “Header” | Didier Stevens didier stevensmimefileheader https://blog.didierstevens.com/2020/08/30/update-oledump-py-0-0-53/ Update: oledump.py 0.0.53 | Didier Stevens update oledump pydidier https://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ PDF, Let Me Count the Ways… | Didier Stevens In this post, I show how basic features of the PDF language can be used to generate polymorphic variants of (malicious) PDF documents. If you code a PDF... didier stevenspdfletcountways https://blog.didierstevens.com/2019/10/27/update-pecheck-py-version-0-7-8/ Update: pecheck.py Version 0.7.8 | Didier Stevens This new version of pecheck.py, a tool to analyze PE files, comes with a small update to option -l. The overview of embedded PE files produced with option -l P... update pecheck pyversion https://blog.didierstevens.com/2020/06/16/falsepositive-github-repository/ FalsePositive GitHub Repository | Didier Stevens github repositorydidier https://blog.didierstevens.com/2011/02/03/taskmanager-xls/ TaskManager.xls | Didier Stevens TaskManager.xls is a simple taskmanager implemented in Excel/VBA. It can list the running processes; and terminate, suspend or resume selected processes. I... xls didier stevenstaskmanager https://blog.didierstevens.com/programs/virustotal-tools/ VirusTotal Tools | Didier Stevens virustotal-search.py is a Python program to search VirusTotal for hashes. virustotal-submit.py is a Python program to submit files to VirusTotal. To get these... tools didier stevens Sponsored https://www.secrets.ai/ Secrets AI - #1 Realistic AI Girlfriend Website for Chatting Chat 24/7 with realistic AI Girlfriend and enjoy 100+ Fantasies. Secrets AI is the best AI girlfriend website for mutual fun & personal AI companion bonding.... https://blog.didierstevens.com/2017/03/05/update-re-search-py-version-0-0-3/ Update: re-search.py Version 0.0.3 | Didier Stevens A very small update to re-search.py: I added a regular expression for strings to the library: re-search_V0_0_3.zip (https) MD5:... py versiondidier stevens https://blog.didierstevens.com/2019/12/25/zoneidentifier-exe/ zoneidentifier.exe | Didier Stevens I regularly want to test the behavior of applications opening files downloaded from the Internet. On Windows, files downloaded from the Internet (with Internet... exe didier stevens https://blog.didierstevens.com/2013/02/25/looking-up-hosts-and-ip-addresses-yet-another-tool/ Looking Up Hosts and IP Addresses: Yet Another Tool | Didier Stevens One last thing regarding my TeamViewer research: I had to resolve a bunch of hostnames and IP addresses, so I quickly wrote a Python program that did just... ip addressesyet anotherhosts https://blog.didierstevens.com/2016/03/11/update-oledump-py-version-0-0-23/ Update: oledump.py Version 0.0.23 | Didier Stevens I’m providing a 2-day training at Brucon Spring Training 2016: “Analysing Malicious Documents“. Use promo-code SPRING16 for a 10% discount. This new... update oledump pyversion https://blog.didierstevens.com/2018/07/09/jsonoutput/ –jsonoutput | Didier Stevens didier stevens https://blog.didierstevens.com/2012/02/27/teensy-pdf-dropper-part-2/ Teensy PDF Dropper Part 2 | Didier Stevens Last year I showed how to use a Teensy micro-controller to drop a PDF file with embedded executable. But I was limited to a file of a few kilobytes, because of... didier stevensteensypdfpart https://blog.didierstevens.com/2017/05/13/update-re_search-py-version-0-0-5/ Update: re_search.py Version 0.0.5 | Didier Stevens When I used my re-search.py tool to extract Bitcoin addresses from the latest WCry samples, I found a small bug. This version is a bugfix (bug introduced in... py versiondidier stevens https://blog.didierstevens.com/2022/12/31/combining-zipdump-file-magic-and-myjson-filter/ Combining zipdump, file-magic And myjson-filter | Didier Stevens In this blog post, I show how you can combine my tools zipdump.py, file-magic.py and myjson-filter.py to select and analyze files of a particular type. I start... file magicdidier stevens https://blog.didierstevens.com/programs/shellcode/ Shellcode | Didier Stevens This section gives an overview of my shellcode. Most shellcode is completely coded by hand by me (I use the free nasm assembler), but some shellcode has also... shellcode didier stevens https://blog.didierstevens.com/2007/03/26/playing-with-safe-mode/ Playing with Safe Mode | Didier Stevens Safe Mode has been on my mind lately, now that I discovered that the SafeBoot registry keys simply reference devices, services and drivers that have to be... safe modedidier stevens https://blog.didierstevens.com/2011/10/19/loaddllviaappinit-64-bit/ LoadDLLViaAppInit 64-bit | Didier Stevens didier stevensbit https://blog.didierstevens.com/2020/01/26/update-format-bytes-py-version-0-0-11/ Update: format-bytes.py Version 0.0.11 | Didier Stevens As announced in my previous blog post, this new version of format-bytes.py adds a pack expression (#p#) and other features and (Python 3) bug fixes. A pack... format bytes pydidier stevens https://blog.didierstevens.com/2018/07/01/update-re-search-py-version-0-0-11/ Update: re-search.py Version 0.0.11 | Didier Stevens This new version of re-search.py comes with a new option: -e. This option instructs re-search to read its input as a binary file and extract strings from it,... py versiondidier stevens https://blog.didierstevens.com/2016/08/08/howto-createcertgui-create-your-own-certificate-on-windows-openssl-library/ Howto CreateCertGUI: Create Your Own Certificate On Windows (OpenSSL Library) | Didier Stevens I created a program with a graphical user interface to create a simple certificate. This program uses the OpenSSL library. Extract the program from the zip... windows opensslhowtocreate https://blog.didierstevens.com/2017/03/07/update-oledump-py-version-0-0-27/ Update: oledump.py Version 0.0.27 | Didier Stevens This new version of oledump.py adds some extra features for YARA rule scanning. oledump.py declares 2 external variables that can be used in your YARA rules.... update oledump pyversion https://blog.didierstevens.com/2016/12/12/updateoledump-py-version-0-0-26/ Update: oledump.py Version 0.0.26 | Didier Stevens Just a small change in this version: an indicator (O) for streams containing OLE 1.0 embedded data: And plugin_http_heuristics also detects XOR-encoding... update oledump pyversion https://blog.didierstevens.com/2017/07/18/iso-files-with-zone-identifier/ .ISO Files With Zone.Identifier | Didier Stevens didier stevensisofileszone https://blog.didierstevens.com/category/quickpost/ Quickpost | Didier Stevens Posts about Quickpost written by Didier Stevens didier stevensquickpost https://blog.didierstevens.com/2006/11/06/challenger/ Challenger | Didier Stevens Challenger is a small program I’ve used in reverse-engineering challenges (without success ;-)). It performs dictionary and brute-force attacks on the... didier stevenschallenger https://blog.didierstevens.com/programs/pdf-tools/ PDF Tools | Didier Stevens Here is a set of free YouTube videos showing how to use my tools: Malicious PDF Analysis Workshop. pdf-parser.py This tool will parse a PDF document to... tools didier stevenspdf https://blog.didierstevens.com/2014/04/28/tcp-flags-for-wireshark/ TCP Flags for Wireshark | Didier Stevens didier stevenstcpflags