Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 392

Feed: Didier Stevens

Articles recieved 26/05/2022
Article: Update: pecheck.py Version 0.7.15 - published almost 4 years ago.
Content: This new version of pecheck.py, my tool to analyze PE files, brings some extra information on overlays: pecheck-v0_7_15.zip (http)MD5: 8D85E40E4770D9F29C08CBE3D7BE57F0SHA256: 596848BC8BD03936604212E4CBE9545A03EE629BE6125D08A4E28068F1952961 ...
https://blog.didierstevens.com/2022/05/26/update-pecheck-py-version-0-7-15/ 
🔥🔥
 
Published: 2022 05 26 08:26:45
Received: 2022 05 26 08:45:30
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
08:45 Update: pecheck.py Version 0.7.15
🔥🔥
Articles recieved 15/05/2022
Article: Update: base64dump.py Version 0.0.21 - published almost 4 years ago.
Content: This new version of base64dump adds decoding of netbios name encoding with lowercase letters. base64dump_V0_0_21.zip (http)MD5: 5701B6D9691E366ED5E2EE6D06689012SHA256: BE939E0225C83319A31A096DA29C1CA9D3C575DCCE9C1795814B335BD0871E92 ...
https://blog.didierstevens.com/2022/05/15/update-base64dump-py-version-0-0-21/ 
🔥🔥
 
Published: 2022 05 15 18:37:12
Received: 2022 05 15 18:46:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
18:46 Update: base64dump.py Version 0.0.21
🔥🔥
Articles recieved 14/05/2022
Article: Update: oledump.py Version 0.0.67 - published almost 4 years ago.
Content: This new version of oledump.py brings support for user defined properties and an update to plugin plugin_msg_summary.py Office documents with VSTO applications have user defined properties. These properties can be extracted with my plugin plugin_medata.py, but not with the current version of olefile.However, the development version of olefile can be used...
https://blog.didierstevens.com/2022/05/14/update-oledump-py-version-0-0-67/ 
🔥🔥
 
Published: 2022 05 14 10:12:03
Received: 2022 05 14 10:26:12
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
10:26 Update: oledump.py Version 0.0.67
🔥🔥
Articles recieved 13/05/2022
Article: Update: zipdump.py Version 0.0.22 - published almost 4 years ago.
Content: This is just a bugfix version. zipdump_v0_0_22.zip (http)MD5: 68F9F3809E4E1F9ADE4A4C3835CDF475SHA256: 92ED372579001C826D5AF31615B8334CC798FF2DA4AF8B7C46267BF7D995C757 ...
https://blog.didierstevens.com/2022/05/13/update-zipdump-py-version-0-0-22/ 
🔥🔥
 
Published: 2022 05 13 06:44:08
Received: 2022 05 13 06:45:56
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
06:45 Update: zipdump.py Version 0.0.22
🔥🔥
Articles recieved 08/05/2022
Article: Update: cs-parse-traffic.py Version 0.0.5 - published almost 4 years ago.
Content: In this update for cs-parse-traffic.py, my tool to decrypt & parse Cobalt Strike traffic, I added some error handling. cs-parse-traffic_V0_0_5.zip (http)MD5: CFF6D97E816B23065F051D91B0F101A6SHA256: 69763EB4D3A163824B417A0E23131B318F5E97198F255ECE449A65D4360C6302 ...
https://blog.didierstevens.com/2022/05/08/update-cs-parse-traffic-py-version-0-0-5/ 
🔥🔥
 
Published: 2022 05 08 08:52:31
Received: 2022 05 08 09:06:12
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:06 Update: cs-parse-traffic.py Version 0.0.5
🔥🔥
Articles recieved 05/05/2022
Article: Update: oledump.py Version 0.0.66 - published almost 4 years ago.
Content: This new version of oledump.py brings some fixes and an update to plugin plugin_vbaproject to decode and display the password for plaintext passwords: oledump_V0_0_66.zip (http)MD5: 20D89F0477ED7B533C2B0C6D27EC4255SHA256: F67051EF2FA3FD42206C5ADFAC807C94ECD5F7F0F6427433B366217F675D3195 ...
https://blog.didierstevens.com/2022/05/05/update-oledump-py-version-0-0-66/ 
🔥🔥
 
Published: 2022 05 05 16:56:21
Received: 2022 05 05 17:06:18
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
17:06 Update: oledump.py Version 0.0.66
🔥🔥
Articles recieved 01/05/2022
Article: Overview of Content Published in April - published almost 4 years ago.
Content: Here is an overview of content I published in April: Blog posts: Power Consumption Of A Philips Hue lamp In Off State .ISO Files With Office Maldocs & Protected View in Office 2019 and 2021 New Tool: myjson-filter.py Update: cut-bytes.py Version 0.0.14 Update: 1768.py Version 0.0.13 New Tool: pngdump.py (Beta) Update: re-search.py Version 0.0.19 Upda...
https://blog.didierstevens.com/2022/05/01/overview-of-content-published-in-april-7/ 
🔥🔥
 
Published: 2022 05 01 10:16:01
Received: 2022 05 01 10:25:33
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
10:25 Overview of Content Published in April
🔥🔥
Articles recieved 30/04/2022
Article: Quickpost: Machine Code Infinite Loop - published almost 4 years ago.
Content: Someone asked me what the byte sequence is for an infinite loop in x86 machine code (it’s something you could use while debugging, for example). That byte sequence is just 2 bytes long: EB FE. It’s something you can check with nasm, for example. File jump-infinite-loop.asm: BITS 32 loop1: jmp loop1 loop2: jmp short loop2 jmp $ j...
https://blog.didierstevens.com/2022/04/30/quickpost-machine-code-infinite-loop/ 
🔥🔥
 
Published: 2022 04 30 08:04:25
Received: 2022 04 30 08:05:57
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
08:05 Quickpost: Machine Code Infinite Loop
🔥🔥
Articles recieved 29/04/2022
Article: Update: oledump.py Version 0.0.65 - published almost 4 years ago.
Content: This new version of oledump.py brings a new plugin (plugin_metadata) and Python 3 fixes for 2 plugins (plugin_msi and plugin_ppt). The new plugin is actually an old unpublished plugin, that I updated recently. This plugin parses Office document metadata as defined in document [MS-OLEPS]. I started to write this in 2015 to parse the metadata of Word...
https://blog.didierstevens.com/2022/04/29/update-oledump-py-version-0-0-65/ 
🔥🔥
 
Published: 2022 04 29 09:05:55
Received: 2022 04 29 09:06:02
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:06 Update: oledump.py Version 0.0.65
🔥🔥
Articles recieved 23/04/2022
Article: Update: re-search.py Version 0.0.19 - published almost 4 years ago.
Content: This is a Python3 stdin fix for re-search.py, my tool to search with regular expressions. re-search_V0_0_19.zip (http)MD5: 4007A3E5540871221B55591B50E2239BSHA256: 263236ABE75B93F1F999474D690A9EB2575EBE42CED8F369FF98B349A5116D11 ...
https://blog.didierstevens.com/2022/04/23/update-re-search-py-version-0-0-19/ 
🔥🔥
 
Published: 2022 04 23 08:47:00
Received: 2022 04 23 09:06:11
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:06 Update: re-search.py Version 0.0.19
🔥🔥
Articles recieved 18/04/2022
Article: New Tool: pngdump.py (Beta) - published almost 4 years ago.
Content: Here is a new tool I’m releasing as beta: pngdump.py. It’s a tool to analyze PNG files. Unlike jpegdump, you can not yet select items for further analysis. ...
https://blog.didierstevens.com/2022/04/18/new-tool-pngdump-py-beta/ 
🔥🔥
 
Published: 2022 04 18 07:11:49
Received: 2022 04 18 07:25:51
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
07:25 New Tool: pngdump.py (Beta)
🔥🔥
Articles recieved 17/04/2022
Article: Update: 1768.py Version 0.0.13 - published almost 4 years ago.
Content: This new version of 1768.py brings option -H to include file hashes, introduces shellcode type detection and has updated statistics. 1768_v0_0_13.zip (http)MD5: F7E85586045AA76C573E010E6FF5F701SHA256: 33B43A5AB059556C17083E824D407891CD14544B5CA416223020076C5878D310 ...
https://blog.didierstevens.com/2022/04/17/update-1768-py-version-0-0-13/ 
🔥🔥
 
Published: 2022 04 17 15:51:04
Received: 2022 04 17 16:06:38
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
16:06 Update: 1768.py Version 0.0.13
🔥🔥
Articles recieved 16/04/2022
Article: Update: cut-bytes.py Version 0.0.14 - published almost 4 years ago.
Content: This new version of cut-bytes.py adds access to the read data for Python expressions in prefix and suffix options. cut-bytes_V0_0_14.zip (http)MD5: EC3434DAAEE06C6F35BD57B77F86833FSHA256: BCCCE7A73C921BD2CC195155A3A709FBAD7ADC0A267288A4F7F58695A2F103D1 ...
https://blog.didierstevens.com/2022/04/16/update-cut-bytes-py-version-0-0-14/ 
🔥🔥
 
Published: 2022 04 16 08:10:18
Received: 2022 04 16 08:26:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
08:26 Update: cut-bytes.py Version 0.0.14
🔥🔥
Articles recieved 09/04/2022
Article: New Tool: myjson-filter.py - published almost 4 years ago.
Content: A couple of my tools can produce JSON output, using my own format (myjson). This output can then be piped into another tool, like strings.py or file-magic.py. I’m now releasing a tool that can be put into a command pipe to filter the JSON data: myjson-filter.py For example, here I use myjson-filter.py to remove all items that are XML files (based o...
https://blog.didierstevens.com/2022/04/09/new-tool-myjson-filter-py/ 
🔥🔥
 
Published: 2022 04 09 08:50:25
Received: 2022 04 09 12:25:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
12:25 New Tool: myjson-filter.py
🔥🔥
Articles recieved 05/04/2022
Article: .ISO Files With Office Maldocs & Protected View in Office 2019 and 2021 - published almost 4 years ago.
Content: We have seen ISO files being used to deliver malicious documents via email. There are different variants of this attack. One of the reasons to do this, is to evade “mark-of-web propagation”. When a file (attached to an email, or downloaded from the Internet) is saved to disk on a Windows system, Microsoft applications will mark this file as coming fro...
https://blog.didierstevens.com/2022/04/04/iso-files-with-office-maldocs-protected-view-in-office-2019-and-2021/ 
🔥🔥
 
Published: 2022 04 04 00:00:00
Received: 2022 04 05 07:05:28
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
07:05 .ISO Files With Office Maldocs & Protected View in Office 2019 and 2021
🔥🔥
Articles recieved 03/04/2022
Article: Power Consumption Of A Philips Hue lamp In Off State - published almost 4 years ago.
Content: A Philips Hue lamp is a LED lamp that can be controlled wirelessly. It always draws power for its control circuitry, also when the LED is turned off. I wondered how much power it consumes in the off state. Doing some research, I found a couple of forums where people asked the same question, and getting answers that is was very little, varying from 0,01 A...
https://blog.didierstevens.com/2022/04/03/power-consumption-of-a-philips-hue-lamp-in-off-state/ 
🔥🔥
 
Published: 2022 04 03 17:25:48
Received: 2022 04 03 17:45:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
17:45 Power Consumption Of A Philips Hue lamp In Off State
🔥🔥
Articles recieved 01/04/2022
Article: Overview of Content Published in March - published almost 4 years ago.
Content: Here is an overview of content I published in March: Blog posts: Update: oledump.py Version 0.0.64 New Tool: xlsbdump.py spring4shell Capture File YouTube videos: TShark & Multiple IP Addresses Maldoc Cleaned by Anti-Virus Videoblog posts: YARA?s Console Module MSBuild & Cobalt Strike Quick & Dirty Shellcode Analysis ? CVE-2017-11882 TSha...
https://blog.didierstevens.com/2022/04/01/overview-of-content-published-in-march-7/ 
🔥🔥
 
Published: 2022 04 01 00:00:00
Received: 2022 04 01 00:05:45
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Overview of Content Published in March
🔥🔥
Articles recieved 31/03/2022
Article: spring4shell Capture File - published almost 4 years ago.
Content: If you are interested, I’ve put a spring4shell exploit capture file on my GitHub. It might trigger your AV, like Defender (Defender triggers on the webshell code). First HTTP request in the capture file, is just a test query. Second HTTP request is the exploit that drops a webshell. Third HTTP request is using that webshell. Figure 1: just a ...
https://blog.didierstevens.com/2022/03/31/spring4shell-capture-file/ 
🔥🔥
 
Published: 2022 03 31 19:13:38
Received: 2022 03 31 19:25:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
19:25 spring4shell Capture File
🔥🔥
Articles recieved 30/03/2022
Article: New Tool: xlsbdump.py - published almost 4 years ago.
Content: This is a new tool to parse XLSB files. It is still in beta. ...
https://blog.didierstevens.com/2022/03/30/new-tool-xlsbdump-py/ 
🔥🔥
 
Published: 2022 03 30 00:00:00
Received: 2022 03 30 00:05:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: xlsbdump.py
🔥🔥
Articles recieved 29/03/2022
Article: Update: oledump.py Version 0.0.64 - published almost 4 years ago.
Content: This new version of oledump brings option -u. This option is used to look for data past the end of the streams. oledump_V0_0_64.zip (http)MD5: D2FE33398A2BA85A760518972C0207D3SHA256: C44F11D31CDCFDE0E7207363A9F35ED07A98A69A4A4228A8CA49292BA8EE9683 ...
https://blog.didierstevens.com/2022/03/29/update-oledump-py-version-0-0-64/ 
🔥🔥
 
Published: 2022 03 29 07:22:05
Received: 2022 03 29 07:25:22
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
07:25 Update: oledump.py Version 0.0.64
🔥🔥
Articles recieved 05/03/2022
Article: Overview of Content Published in February - published about 4 years ago.
Content: Here is an overview of content I published in February: Blog posts: Update: jpegdump.py Version 0.0.9 Windows Explorer: Improper Exif Data Removal Beta: smtp-honeypot.py Update: oledump.py Version 0.0.63 Update: 1768.py Version 0.0.12 YouTube videos: YARA’s Console Module Quick & Dirty Shellcode Analysis – CVE-2017-11882 SANS ISC Diary entries: ...
https://blog.didierstevens.com/2022/03/05/overview-of-content-published-in-february-5/ 
🔥🔥
 
Published: 2022 03 05 14:15:13
Received: 2022 03 05 14:26:19
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: 1768.py Version 0.0.12 - published about 4 years ago.
Content: I included a new Cobalt Strike 4.5 private key in this released, shared with me by a user. Further, ZIP files with AES encryption are supported. And a few other bug fixes 1768_v0_0_12b.zip (https)MD5: C1675CD1CD5E817BDBC4B10D8850D6DDSHA256: 0694F52EFA2332E8FCFFA739AD123ABF4A75F20ACB5DE3174376FE5D816DE071 ...
https://blog.didierstevens.com/2022/02/26/update-1768-py-version-0-0-12/ 
🔥🔥
 
Published: 2022 02 26 09:16:56
Received: 2022 03 05 14:07:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
14:26 Overview of Content Published in February
🔥🔥
14:07 Update: 1768.py Version 0.0.12
🔥🔥
Articles recieved 23/02/2022
Article: Update: oledump.py Version 0.0.63 - published about 4 years ago.
Content: This is a bug fix update for oledump.py. It fixes a bug that occurred when you calculated the hash of decompressed VBA code: oledump.py -E %MD5% -v sample.doc oledump_V0_0_63.zip (https)MD5: 52440972347843FF56B8F754910BFE4ASHA256: F92660FFA0F484B46A14944A8B7B475C3D34E80D9C197FA1E99C444CA9ED533B ...
https://blog.didierstevens.com/2022/02/23/update-oledump-py-version-0-0-63/ 
🔥🔥
 
Published: 2022 02 23 00:00:00
Received: 2022 02 23 00:05:32
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: oledump.py Version 0.0.63
🔥🔥
Articles recieved 22/02/2022
Article: Beta: smtp-honeypot.py - published about 4 years ago.
Content: This Python script is essentially a wrapper for the smtpd Python module. I use it to receive emails, and write them to disk. Sometimes I use this to exfiltrate (malicious) emails. ...
https://blog.didierstevens.com/2022/02/21/beta-smtp-honeypot-py/ 
🔥🔥
 
Published: 2022 02 21 16:49:55
Received: 2022 02 22 18:05:27
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
18:05 Beta: smtp-honeypot.py
🔥🔥
Articles recieved 08/02/2022
Article: Windows Explorer: Improper Exif Data Removal - published about 4 years ago.
Content: Windows explorer has an option to remove properties from media files: “Remove Properties and Personal Information”. For example, removing Exif data from JPEG files. There is an issue with this feature: it does not properly remove Exif data. Within an open folder (Windows explorer), select a media file (I’m using Canon_40D.jpg), right-click and sel...
https://blog.didierstevens.com/2022/02/08/windows-explorer-improper-exif-data-removal/ 
🔥🔥
 
Published: 2022 02 08 20:53:38
Received: 2022 02 08 21:05:44
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: jpegdump.py Version 0.0.9 - published about 4 years ago.
Content: This new version of jpegdump.py adds option -E to display extra info for each segment. This extra data is a hash of the segment’s data: md5, sha1, sha256. jpegdump_V0_0_9.zip (https)MD5: 1736DA65F7355308DC698E29DE8F5432SHA256: 1E5AE79BB060F59D255999DBD74786F8A8A45DDB2C5F9C85A6FB2FA04CFD4D6C ...
https://blog.didierstevens.com/2022/02/08/update-jpegdump-py-version-0-0-9/ 
🔥🔥
 
Published: 2022 02 08 20:27:12
Received: 2022 02 08 20:45:28
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
21:05 Windows Explorer: Improper Exif Data Removal
🔥🔥
20:45 Update: jpegdump.py Version 0.0.9
🔥🔥
Articles recieved 02/02/2022
Article: Overview of Content Published in January - published about 4 years ago.
Content: Here is an overview of content I published in January: SANS ISC Diary entries: Expect Regressions TShark & jq Extracting Cobalt Strike Beacons from MSBuild Scripts YARA’s Console Module ...
https://blog.didierstevens.com/2022/02/02/overview-of-content-published-in-january-7/ 
🔥🔥
 
Published: 2022 02 02 00:00:00
Received: 2022 02 02 00:05:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Overview of Content Published in January
🔥🔥
Articles recieved 01/01/2022
Article: Overview of Content Published in December - published about 4 years ago.
Content: Here is an overview of content I published in December: Blog posts: MiTM Cobalt Strike Network Traffic Update: base64dump.py Version 0.0.19 Update: cs-decrypt-metadata.py Version 0.0.4 Update: cs-parse-traffic.py Version 0.0.4 Update: 1768.py Version 0.0.11 Update: cs-extract-key.py Version 0.0.4 Update: cs-analyze-processdump.py Version 0.0.3 VBA: __SRP_...
https://blog.didierstevens.com/2022/01/01/overview-of-content-published-in-december-7/ 
🔥🔥
 
Published: 2022 01 01 00:00:00
Received: 2022 01 01 00:07:01
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Overview of Content Published in December
🔥🔥
Articles recieved 31/12/2021
Article: Update: base64dump.py Version 0.0.20 - published about 4 years ago.
Content: This new version brings a new encoding: zxcn zxcn stands for “zero x comma no-leading zero”, and is very similar to zxc encoding (zero x comma). Example of zxc: 0x90,0x0A,0x4D,0x5A Remark the leading zero for value 0x0A (values smaller than 0x10). With zxcn encoding, there is no leading zero for values smaller than 0x10. Thus the example for ...
https://blog.didierstevens.com/2021/12/31/update-base64dump-py-version-0-0-20/ 
🔥🔥
 
Published: 2021 12 31 00:00:00
Received: 2021 12 31 00:06:15
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: base64dump.py Version 0.0.20
🔥🔥
Articles recieved 30/12/2021
Article: Update: pecheck Version 0.7.14 - published about 4 years ago.
Content: This new version of pecheck adds support for dumping files (-D) while using option -l P. pecheck-v0_7_14.zip (https)MD5: 3B5CED47987F0395CC4BC795A938EA4ASHA256: 547941BD830C22586CE0C509DE8406424C2EB02D0C5FEAA555C43C77FCCDE33D ...
https://blog.didierstevens.com/2021/12/30/update-pecheck-version-0-7-14/ 
🔥🔥
 
Published: 2021 12 30 00:00:00
Received: 2021 12 30 00:06:01
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: pecheck Version 0.7.14
🔥🔥
Articles recieved 29/12/2021
Article: VBA: __SRP_ Streams - published about 4 years ago.
Content: Office documents with a VBA project that contains streams whose name starts with __SRP_, have had their VBA macros executed at least once. As Dr. Bontchev describes in the documentation for his pcodedmp tool: When the p-code has been executed at least once, a further tokenized form of it is stored elsewhere in the document (in streams, the names of wh...
https://blog.didierstevens.com/2021/12/29/vba-__srp_-streams/ 
🔥🔥
 
Published: 2021 12 29 00:00:00
Received: 2021 12 29 00:05:58
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 VBA: __SRP_ Streams
🔥🔥
Articles recieved 28/12/2021
Article: Update: cs-analyze-processdump.py Version 0.0.3 - published about 4 years ago.
Content: This new version brings some options to guide the XOR-key detection algorithm. The beacon’s AES and HMAC key are contained in writable process memory: my tool cs-extract-key.py can detect these keys. But the beacon can be configured to encode these keys while it is sleeping. This feature is called a sleep mask, and uses a 13-byte long XOR key. The comple...
https://blog.didierstevens.com/2021/12/28/update-cs-analyze-processdump-py-version-0-0-3/ 
🔥🔥
 
Published: 2021 12 28 00:00:00
Received: 2021 12 28 00:07:36
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: cs-analyze-processdump.py Version 0.0.3
🔥🔥
Articles recieved 22/12/2021
Article: Update: cs-extract-key.py Version 0.0.4 - published about 4 years ago.
Content: I added option –donotfullsearch in this new version of my tool to extract encryption keys from process memory dumps of beacons. When this option is used, cs-extract-key.py will not fall back to a full search when string sha256\x00 is not found. cs-extract-key_V0_0_4.zip (https)MD5: 451D73C0963C91E11AE043AD82A96FCDSHA256: 5D21C796CA2F7D115D291E2C4DAE71...
https://blog.didierstevens.com/2021/12/22/update-cs-extract-key-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 22 00:00:00
Received: 2021 12 22 00:07:09
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: cs-extract-key.py Version 0.0.4
🔥🔥
Articles recieved 21/12/2021
Article: Update: 1768.py Version 0.0.11 - published about 4 years ago.
Content: 1768.py, my tool to analyze Cobalt Strike beacons, has an update: updated statistics and support for your own, private 1768.json file: 1768b.json. When 1768b.json exists, it is used by 1768.py in stead of 1768.json. 1768_v0_0_11.zip (https)MD5: 5029A9831D32F57D174BE9DDC8CA31B3SHA256: F6939ACB105FE848F084A7E916AE9E2CC0BC173B92D7BBBA95637CC355657E09 ...
https://blog.didierstevens.com/2021/12/21/update-1768-py-version-0-0-11/ 
🔥🔥
 
Published: 2021 12 21 00:00:00
Received: 2021 12 21 00:07:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: 1768.py Version 0.0.11
🔥🔥
Articles recieved 20/12/2021
Article: Update: cs-parse-traffic.py Version 0.0.4 - published about 4 years ago.
Content: This update for cs-parse-traffic.py, my tool to parse/decrypt Cobalt Strike network traffic, includes bug fixes and new definitions. cs-parse-traffic_V0_0_4.zip (https)MD5: 890C5290B7C1E0F5803F0289FA876DDBSHA256: 43FD18DDCDB5732C9EB1F2B377E3B1DF6A2D36F62442CE2068C32EBC3FC07813 ...
https://blog.didierstevens.com/2021/12/20/update-cs-parse-traffic-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 20 00:00:00
Received: 2021 12 20 00:05:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: cs-parse-traffic.py Version 0.0.4
🔥🔥
Articles recieved 19/12/2021
Article: Update: base64dump.py Version 0.0.19 - published about 4 years ago.
Content: This is a bugfix version. base64dump_V0_0_19.zip (https)MD5: 0D250DCB3FCE5D41A6FCB3AAD3937019SHA256: FECA04873B87A15F0713938717611E86ED360F51AF28FCD03CEEFC4688BD7D67 ...
https://blog.didierstevens.com/2021/12/19/update-base64dump-py-version-0-0-19/ 
🔥🔥
 
Published: 2021 12 19 09:40:25
Received: 2021 12 19 09:45:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: cs-decrypt-metadata.py Version 0.0.4 - published about 4 years ago.
Content: This is a bugfix version. cs-decrypt-metadata_V0_0_4.zip (https)MD5: 50C8AEFA1A1A507012BE72C71C449818SHA256: CAFCCE9A8897C257AE39259D3F444E0F40473BF0D9590DC1A035316EBDDBBC84 ...
https://blog.didierstevens.com/2021/12/19/update-cs-decrypt-metadata-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 19 09:43:17
Received: 2021 12 19 09:45:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:45 Update: base64dump.py Version 0.0.19
🔥🔥
09:45 Update: cs-decrypt-metadata.py Version 0.0.4
🔥🔥
Articles recieved 11/12/2021
Article: MiTM Cobalt Strike Network Traffic - published about 4 years ago.
Content: I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. I selected a malicious beacon that uses one of the leaked private keys. The script does not support data transforms, but that can be easily ad...
https://blog.didierstevens.com/2021/12/11/mitm-cobalt-strike-network-traffic/ 
🔥🔥
 
Published: 2021 12 11 10:14:58
Received: 2021 12 11 10:25:41
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
10:25 MiTM Cobalt Strike Network Traffic
🔥🔥
Articles recieved 01/12/2021
Article: Overview of Content Published in November - published over 4 years ago.
Content: Here is an overview of content I published in November: Blog posts: New Tool: cs-extract-key.py Update: 1768.py Version 0.0.9 Update: cs-decrypt-metadata.py Version 0.0.2 Update: 1768.py Version 0.0.10 Update: base64dump.py Version 0.0.18 Update: cs-decrypt-metadata.py Version 0.0.3 New tool: cs-analyze-processdump.py New Tool: cs-parse-traffic.py Update:...
https://blog.didierstevens.com/2021/12/01/overview-of-content-published-in-november-7/ 
🔥🔥
 
Published: 2021 12 01 00:00:00
Received: 2021 12 01 00:06:57
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Overview of Content Published in November
🔥🔥
Articles recieved 30/11/2021
Article: Update: cs-extract-key.py Version 0.0.3 - published over 4 years ago.
Content: This update brings a new option: -V –verbose. Verbose output includes an hex/ascii dump of the decrypted data: cs-extract-key_V0_0_3.zip (https)MD5: C40C96B68701369F41EB6731FD83B28BSHA256: CBB5EC3C8C36931D56AB42E3086CF7E95ABC7782D74F30DDCCF874BD4E89B6BB ...
https://blog.didierstevens.com/2021/11/30/update-cs-extract-key-py-version-0-0-3/ 
🔥🔥
 
Published: 2021 11 30 00:00:00
Received: 2021 11 30 00:08:26
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: cs-extract-key.py Version 0.0.3
🔥🔥
Articles recieved 29/11/2021
Article: New Tool: cs-parse-traffic.py - published over 4 years ago.
Content: This tool is the combination of beta tool cs-parse-http-traffic.py (discontinued) and unreleased tool cs-parse-dns-traffic.py: it can decrypt and parse Cobalt Strike DNS and HTTP beacon network traffic. By default it handles HTTP traffic. Use option -f dns to handle DNS traffic. cs-parse-traffic_V0_0_3.zip (https)MD5: D11D64222CD77407FCEE5E6235470828S...
https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/ 
🔥🔥
 
Published: 2021 11 29 00:00:00
Received: 2021 11 29 00:05:54
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: cs-parse-traffic.py
🔥🔥
Articles recieved 25/11/2021
Article: New tool: cs-analyze-processdump.py - published over 4 years ago.
Content: This is cs-analyze-processdump.py, my tool to analyze Cobalt Strike beacon process dumps, detecting and decoding sleep mode encoding. cs-analyze-processdump_V0_0_2.zip (https)MD5: 699C184AA60F741B6DD7CB8C05E12448SHA256: 5E6C121783C9BC1A392AA4FEFD77D66709B0C8FB2F3E568D8538C6CD81C7B315 ...
https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/ 
🔥🔥
 
Published: 2021 11 25 00:00:00
Received: 2021 11 25 00:06:47
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New tool: cs-analyze-processdump.py
🔥🔥
Articles recieved 23/11/2021
Article: Update: cs-decrypt-metadata.py Version 0.0.3 - published over 4 years ago.
Content: This is a bugfix version of cs-decrypt-metadata.py, my tool to decrypt Cobalt Strike metadata. cs-decrypt-metadata_V0_0_3.zip (https)MD5: BC42AF00F35FE8460E8AA23F2B54A84ASHA256: 13C62A515D49CF8DEF4A866B069AFC47885B13CAB3703AA529C214B88FF576D3 ...
https://blog.didierstevens.com/2021/11/23/update-cs-decrypt-metadata-py-version-0-0-3/ 
🔥🔥
 
Published: 2021 11 23 00:00:00
Received: 2021 11 23 00:08:40
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: cs-decrypt-metadata.py Version 0.0.3
🔥🔥
Articles recieved 22/11/2021
Article: Update: base64dump.py Version 0.0.18 - published over 4 years ago.
Content: This is a bug fix version. base64dump_V0_0_18.zip (https)MD5: C1D1FBED0E4C1A4703C56412611EF47DSHA256: 3F46110F9A1750D2351EB7CE2278C1E61EE1C421E10ABB5EC5BFC28B0DA61285 ...
https://blog.didierstevens.com/2021/11/22/update-base64dump-py-version-0-0-18/ 
🔥🔥
 
Published: 2021 11 22 00:00:00
Received: 2021 11 22 00:07:38
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: base64dump.py Version 0.0.18
🔥🔥
Articles recieved 21/11/2021
Article: Update: 1768.py Version 0.0.10 - published over 4 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Strike beacons, adds some small changes, like extra tests and defines more field names. 1768_v0_0_10.zip (https)MD5: 603EFE48CF8740397562F65C9E22B648SHA256: 67F2D59FCE9757B10FE4B50C7D7CD284D36AE21912A13531820AC0BDA8ABC0C1 ...
https://blog.didierstevens.com/2021/11/21/update-1768-py-version-0-0-10/ 
🔥🔥
 
Published: 2021 11 21 00:00:00
Received: 2021 11 21 00:07:06
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: 1768.py Version 0.0.10
🔥🔥
Articles recieved 12/11/2021
Article: Update: cs-decrypt-metadata.py Version 0.0.2 - published over 4 years ago.
Content: This new version of my tool to decrypt Cobalt Strike metadata, now supports transformations. By default, encrypted metadata in Cobalt Strike traffic is encoded with BASE64 and then transmitted via the Cookie header in HTTP(S) requests. This metadata is encrypted with a public RSA key, and can be decrypted if the private key is known. Here is an exa...
https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/ 
🔥🔥
 
Published: 2021 11 12 00:00:00
Received: 2021 11 12 00:06:28
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: cs-decrypt-metadata.py Version 0.0.2
🔥🔥
Articles recieved 04/11/2021
Article: Update: 1768.py Version 0.0.9 - published over 4 years ago.
Content: This new version of 1768.py, my tool to decode Cobalt Strike beacon configs, brings proper decoding of malleable instructions. And the license ID statistics have been updated, and 3 new private RSA keys have been added. Fields 0x000b (Malleable_C2_Instructions), 0x000c (http_get_header) and 0x000d (http_post_header) contain instructions on how to tran...
https://blog.didierstevens.com/2021/11/04/update-1768-py-version-0-0-9/ 
🔥🔥
 
Published: 2021 11 04 00:00:00
Received: 2021 11 04 00:06:02
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.9
🔥🔥
Articles recieved 03/11/2021
Article: New Tool: cs-extract-key.py - published over 4 years ago.
Content: cs-extract-key.py is a tool designed to extract cryptographic keys from Cobalt Strike beacon process memory dumps. This tool was already available in my beta repository. This tool can extract cryptographic keys from process memory dumps of a version 3.x beacon directly: And from version 4.x together with encrypted data extracted from network ca...
https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/ 
🔥🔥
 
Published: 2021 11 03 00:00:00
Received: 2021 11 03 00:06:53
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: cs-extract-key.py
🔥🔥
Articles recieved 01/11/2021
Article: Overview of Content Published in October - published over 4 years ago.
Content: Here is an overview of content I published in October: Blog posts: New Tool: onion-connect-service-detection.py Update: 1768.py Version 0.0.8 “Public” Private Cobalt Strike Keys New Tool: cs-decrypt-metadata.py YouTube videos: CVE-2021-40444 Maldocs: Extracting URLs Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key Phishing ZIP With Malform...
https://blog.didierstevens.com/2021/11/01/overview-of-content-published-in-october-7/ 
🔥🔥
 
Published: 2021 11 01 00:00:00
Received: 2021 11 01 00:07:17
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Overview of Content Published in October
🔥🔥
Articles recieved 22/10/2021
Article: New Tool: cs-decrypt-metadata.py - published over 4 years ago.
Content: cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon. An active beacon regularly checks in with its team server, transmitting medata (like the AES key, the username & machine name, …) that is encrypted with the team server’s private key. This tool can decrypt this data, provided: you give it the file...
https://blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/ 
🔥🔥
 
Published: 2021 10 22 00:00:00
Received: 2021 10 22 00:05:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: cs-decrypt-metadata.py
🔥🔥
Articles recieved 21/10/2021
Article: “Public” Private Cobalt Strike Keys - published over 4 years ago.
Content: I found 6 private keys used by malicious Cobalt Strike servers. There’s a significant number of malicious CS servers on the Internet that reuse these keys, thus allowing us to decrypt their C2 traffic. For the details, I recommend reading the following blog post I wrote “Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1“. I integrated t...
https://blog.didierstevens.com/2021/10/21/public-private-cobalt-strike-keys/ 
🔥🔥
 
Published: 2021 10 21 18:05:35
Received: 2021 10 21 18:06:15
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
18:06 “Public” Private Cobalt Strike Keys
🔥🔥
Articles recieved 11/10/2021
Article: Update: 1768.py Version 0.0.8 - published over 4 years ago.
Content: This new version brings an update to the statistics in file 1768.json. 1768_v0_0_8.zip (https)MD5: C410C38FC2B5F0B2C3104D7FC1D35C58SHA256: 9374650575E0F15331CE05ACFD2BFA4CD6EBEB1497207B9B6D4B1F7A0214457D ...
https://blog.didierstevens.com/2021/10/11/update-1768-py-version-0-0-8/ 
🔥🔥
 
Published: 2021 10 11 00:00:00
Received: 2021 10 11 00:06:09
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.8
🔥🔥
Articles recieved 03/10/2021
Article: New Tool: onion-connect-service-detection.py - published over 4 years ago.
Content: To better understand how nmap does service detection, I implemented a tool in Python that tries to do (more or less) the same. nmap detects what service is listening on a port, by sending it probes (particular byte sequences) and matching it with expected replies. These probes and replies can be found in file nmap-service-probes. It allows me to experime...
https://blog.didierstevens.com/2021/10/03/new-tool-onion-connect-service-detection-py/ 
🔥🔥
 
Published: 2021 10 03 00:00:00
Received: 2021 10 03 00:05:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: onion-connect-service-detection.py
🔥🔥
Articles recieved 02/10/2021
Article: Overview of Content Published in September - published over 4 years ago.
Content: Here is an overview of content I published in September: Blog posts: Update: re-search.py Version 0.0.18 Patching A Java .class File Update: base64dump.py Version 0.0.17 YouTube videos: Simple Analysis Of A CVE-2021-40444 .docx Document Strings Analysis: VBA & Excel4 Maldoc Videoblog posts: Simple Analysis Of A CVE-2021-40444 .docx Document SANS ...
https://blog.didierstevens.com/2021/10/02/overview-of-content-published-in-september-5/ 
🔥🔥
 
Published: 2021 10 02 19:33:28
Received: 2021 10 02 20:06:15
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
20:06 Overview of Content Published in September
🔥🔥
Articles recieved 29/09/2021
Article: Update: base64dump.py Version 0.0.17 - published over 4 years ago.
Content: This new version of base64dump brings 2 new features: support for ASCII85 encoding: a85selecting of the largest result: -s L base64dump_V0_0_17.zip (https)MD5: B535A0B9E73D068380078FC5006756E8SHA256: DDC67BEBC5C3407213673C0228E84796E6816294A029997542BA7DD9AF659C4E ...
https://blog.didierstevens.com/2021/09/29/update-base64dump-py-version-0-0-17/ 
🔥🔥
 
Published: 2021 09 29 00:00:00
Received: 2021 09 29 00:05:48
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: base64dump.py Version 0.0.17
🔥🔥
Articles recieved 26/09/2021
Article: Patching A Java .class File - published over 4 years ago.
Content: 010 Editor is one of few commercial applications that I use daily. It’s a powerful binary editor with scripting and templates. I recently had to patch a Java .class file: extend a string inside that class. Before going the route of decompiling / editing / recompiling, I tried with 010 Editor. Here is the file opened inside the editor: When open...
https://blog.didierstevens.com/2021/09/26/patching-a-java-class-file/ 
🔥🔥
 
Published: 2021 09 26 00:00:00
Received: 2021 09 26 00:06:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Patching A Java .class File
🔥🔥
Articles recieved 22/09/2021
Article: Update: re-search.py Version 0.0.18 - published over 4 years ago.
Content: This version has some Python3/Linux/MacOS fixes. re-search_V0_0_18.zip (https)MD5: 1BCA3B59B719FAFD6016D2F9F32F1A05SHA256: 9E4807D3CE0EC320028AC760D3915F4FC0CBF6EC6E20FC9B2C91C54E74E6F548 ...
https://blog.didierstevens.com/2021/09/22/update-re-search-py-version-0-0-18/ 
🔥🔥
 
Published: 2021 09 22 00:00:00
Received: 2021 09 22 00:05:49
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: re-search.py Version 0.0.18
🔥🔥
Articles recieved 19/09/2021
Article: Overview of Content Published in August - published over 4 years ago.
Content: Here is an overview of content I published in August: Blog posts: dnsresolver.py: Videos For Each Command Update: oledump.py Version 0.0.62 My YouTube Playlists Update: pdf-parser.py Version 0.7.5 Update: pdfid.py Version 0.2.8 Update: AnalyzePESig Version 0.0.0.8 YouTube videos: dnsresolver.py: 6 exfiltration Command dnsresolver.py: 7 track Command dns...
https://blog.didierstevens.com/2021/09/19/overview-of-content-published-in-august-6/ 
🔥🔥
 
Published: 2021 09 19 15:07:41
Received: 2021 09 19 16:06:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
16:06 Overview of Content Published in August
🔥🔥
Articles recieved 21/08/2021
Article: Update: AnalyzePESig Version 0.0.0.8 - published over 4 years ago.
Content: This new version of AnalyzePESig, my tool to analyze the digital signature of PE files, brings some major updates: Support for UNICODE filenamesReintroduction of the capability to verify the signature of non-PE files, like .MSI files And several bug fixes. AnalyzePESig_V0_0_0_8.zip (https)MD5: C14A2C8AA91D34F534B4F76E7014E3A9SHA256: BCCF90BF6E4...
https://blog.didierstevens.com/2021/08/21/update-analyzepesig-version-0-0-0-8/ 
🔥🔥
 
Published: 2021 08 21 11:52:48
Received: 2021 08 21 12:06:44
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
12:06 Update: AnalyzePESig Version 0.0.0.8
🔥🔥
Articles recieved 20/08/2021
Article: Update: pdf-parser.py Version 0.7.5 - published over 4 years ago.
Content: This is a bug fix version. pdf-parser_V0_7_5.zip (https)MD5: D39E98981E6FEA48BF61CA2F78ED0B09SHA256: 5D970AFAC501A71D4FDDEECBD63060062226BF1D587A6A74702DDA79B5C2D3FB ...
https://blog.didierstevens.com/2021/08/20/update-pdf-parser-py-version-0-7-5/ 
🔥🔥
 
Published: 2021 08 20 00:00:00
Received: 2021 08 20 00:06:52
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: pdfid.py Version 0.2.8 - published over 4 years ago.
Content: This is a bug fix version pdfid_v0_2_8.zip (https)MD5: 9DDE1D9010D860303B03F3317DAF07B4SHA256: 0D0AA12592FA29BC5E7A9C3CFA0AAEBB711CEF373A0AE0AD523723C64C9D02B4 ...
https://blog.didierstevens.com/2021/08/20/update-pdfid-py-version-0-2-8/ 
🔥🔥
 
Published: 2021 08 20 00:00:00
Received: 2021 08 20 00:06:52
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: pdf-parser.py Version 0.7.5
🔥🔥
00:06 Update: pdfid.py Version 0.2.8
🔥🔥
Articles recieved 19/08/2021
Article: My YouTube Playlists - published over 4 years ago.
Content: I started to create YouTube playlists for my videos. ...
https://blog.didierstevens.com/2021/08/19/my-youtube-playlists/ 
🔥🔥
 
Published: 2021 08 19 00:00:00
Received: 2021 08 19 00:07:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 My YouTube Playlists
🔥🔥
Articles recieved 17/08/2021
Article: Update: oledump.py Version 0.0.62 - published over 4 years ago.
Content: This new version brings a bug fix and an update to plugin_biff’s XOR deobfuscation. oledump_V0_0_62.zip (https)MD5: F16DB945970B49A60155443ED82CDE29SHA256: 4AE5DF2CC8E8F5A395027A8056B1A33B8F05C0AB6FC18D56D46DC151BB4302FB ...
https://blog.didierstevens.com/2021/08/17/update-oledump-py-version-0-0-62/ 
🔥🔥
 
Published: 2021 08 17 00:00:00
Received: 2021 08 17 00:08:06
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: oledump.py Version 0.0.62
🔥🔥
Articles recieved 11/08/2021
Article: dnsresolver.py: Videos For Each Command - published over 4 years ago.
Content: I did record 8 videos explaining the different commands of my dnsresolver.py tool. This is a tool that can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing and also simple resolving. I have a YouTube playlist with all 8 videos: dnsresolver playlist. ...
https://blog.didierstevens.com/2021/08/11/dnsresolver-py-videos-for-each-command/ 
🔥🔥
 
Published: 2021 08 11 00:00:00
Received: 2021 08 11 00:06:21
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 dnsresolver.py: Videos For Each Command
🔥🔥
Articles recieved 02/08/2021
Article: Overview of Content Published in July - published over 4 years ago.
Content: Here is an overview of content I published in July: Blog posts: Update: xmldump.py Version 0.0.7 New Tool: texteditor.py Update: FileScanner Version 0.0.0.7 New Tool: dnsresolver.py sysmon?s DNS QueryStatus Field Update: base64dump.py Version 0.0.16 Using SeBackupPrivilege With Python YouTube videos: Adding BASE85 To basedump64.py CyberChef BASE85 Decod...
https://blog.didierstevens.com/2021/08/02/overview-of-content-published-in-july-6/ 
🔥🔥
 
Published: 2021 08 02 22:11:00
Received: 2021 08 02 23:05:45
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
23:05 Overview of Content Published in July
🔥🔥
Articles recieved 19/07/2021
Article: Using SeBackupPrivilege With Python - published over 4 years ago.
Content: Access to files on a Windows NTFS filesystem is governed by permissions and privileges. For permissions, it is done with a security descriptor on a file which contains a Discretionary Access Control List (DACL): these are the permissions that decide if a user has access (and which type of access) to said file. Most files don’t have their own, proper perm...
https://blog.didierstevens.com/2021/07/19/using-sebackupprivilege-with-python/ 
🔥🔥
 
Published: 2021 07 19 00:00:00
Received: 2021 07 19 00:06:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Using SeBackupPrivilege With Python
🔥🔥
Articles recieved 17/07/2021
Article: Update: base64dump.py Version 0.0.16 - published over 4 years ago.
Content: This new version of base64dump.py brings bug fixes and support for BASE85 RFC 1924 encoding. If you want to know how I go about adding a new decoding to base64dump.py, watch this video: Here is version 0.0.0.15, with bug fixes but without base85: base64dump_V0_0_15.zip (https)MD5: 95C78B0DC830C6240F2A56A3BA0C483FSHA256: F011136B2CF4F54647AB4B...
https://blog.didierstevens.com/2021/07/17/update-base64dump-py-version-0-0-16/ 
🔥🔥
 
Published: 2021 07 17 00:00:00
Received: 2021 07 17 00:06:07
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: base64dump.py Version 0.0.16
🔥🔥
Articles recieved 16/07/2021
Article: sysmon’s DNS QueryStatus Field - published over 4 years ago.
Content: A friend asked me for more info on the QueryStatus field in sysmon‘s DNS events. When a DNS query succeeds, e.g., when there’s a DNS reply with an answer, that status field is 0. But what can cause it to be different from 0? A bit of testing revealed that a query for an unknown domain gives a QueryStatus value of 9003. 9003 is a Windows System Erro...
https://blog.didierstevens.com/2021/07/16/sysmons-dns-querystatus-field/ 
🔥🔥
 
Published: 2021 07 16 00:00:00
Received: 2021 07 16 00:06:03
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 sysmon’s DNS QueryStatus Field
🔥🔥
Articles recieved 15/07/2021
Article: New Tool: dnsresolver.py - published over 4 years ago.
Content: I’ve done several experiments with DNS, which has lead me over the last couple of years to develop a DNS resolver tool. By no way is it a full fledged DNS server: it implements particular features that I’ve needed for different experiments I conducted. It can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing...
https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/ 
🔥🔥
 
Published: 2021 07 15 00:00:00
Received: 2021 07 15 00:06:53
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: dnsresolver.py
🔥🔥
Articles recieved 13/07/2021
Article: Update: FileScanner Version 0.0.0.7 - published over 4 years ago.
Content: This new version of FileScanner brings bug fixes and new features, like UNICODE filename support and an embedded man page. FileScanner_V0_0_0_7.zip (https)MD5: D3294BE258F5E2CD9ADF60035D5FB444SHA256: 8D9349A2056CF400DF55D0407287144A038B6268E40919F248866B4C8BC3FD0A ...
https://blog.didierstevens.com/2021/07/13/update-filescanner-version-0-0-0-7/ 
🔥🔥
 
Published: 2021 07 13 00:00:00
Received: 2021 07 13 00:07:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: FileScanner Version 0.0.0.7
🔥🔥
Articles recieved 05/07/2021
Article: New Tool: texteditor.py - published over 4 years ago.
Content: I have some ad hoc tools, that help me with special text editing tasks. Like doing search and replace in a text file, with a list of search and replace terms. Or looking for assignment statements in the source code of a program, and replacing each variable with its value. I decided to bundle these ad hoc scripts, into a single generic script, a new tool:...
https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/ 
🔥🔥
 
Published: 2021 07 05 00:00:00
Received: 2021 07 05 00:06:40
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: texteditor.py
🔥🔥
Articles recieved 04/07/2021
Article: Update: xmldump.py Version 0.0.7 - published over 4 years ago.
Content: This update to xmldump.py, a tool to help with viewing XML files, adds option -j (–jsoninput) to handle JSON output produced by zipdump.py. With this option, shared strings from OOXML spreadsheets will be used with command celltext. I will explain more in an upcoming blog post. xmldump_V0_0_7.zip (https)MD5: 20FBBC1A053B2528AC4200B917637876SHA2...
https://blog.didierstevens.com/2021/07/04/update-xmldump-py-version-0-0-7/ 
🔥🔥
 
Published: 2021 07 04 00:00:00
Received: 2021 07 04 00:06:03
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: xmldump.py Version 0.0.7
🔥🔥
Articles recieved 03/07/2021
Article: Overview of Content Published in June - published over 4 years ago.
Content: Here is an overview of content I published in June: Blog posts: How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded) Update: Python Templates Version 0.0.5 New Tool: ssdeep.py Update: 1768.py Version 0.0.7 Update: oledump.py Version 0.0.61 YouTube videos: ssdeep Python Example Based On My Templates oledump Cheat Sheet Videoblog posts: ssdeep ...
https://blog.didierstevens.com/2021/07/03/overview-of-content-published-in-june-6/ 
🔥🔥
 
Published: 2021 07 03 19:01:46
Received: 2021 07 03 19:05:56
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
19:05 Overview of Content Published in June
🔥🔥
Articles recieved 21/06/2021
Article: Update: oledump.py Version 0.0.61 - published over 4 years ago.
Content: This new version of oledump.py comes with Excel 4 formula parsing improvements in the plugin_biff plugin. oledump_V0_0_61.zip (https)MD5: 6DC34FFAF4ED0066696ED230878AEED9SHA256: 41A68ABA19BBA74DAE653BE62D4A63A5AE409FB6DC1DAEEB2D419AA1B493728A ...
https://blog.didierstevens.com/2021/06/21/update-oledump-py-version-0-0-61/ 
🔥🔥
 
Published: 2021 06 21 00:00:00
Received: 2021 06 21 00:06:54
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: oledump.py Version 0.0.61
🔥🔥
Articles recieved 15/06/2021
Article: Update: 1768.py Version 0.0.7 - published over 4 years ago.
Content: There are no code changes to this version of 1768.py, my tool to analyze Cobalt Strike beacons. What is new, is file 1768.json: this file contains statistical data for license IDs. Over a period of one month, I collected license ID information from these sources: threatviewio and @cobaltstrikebot. For each license ID that is found on more than ...
https://blog.didierstevens.com/2021/06/15/update-1768-py-version-0-0-7/ 
🔥🔥
 
Published: 2021 06 15 00:00:00
Received: 2021 06 15 00:06:46
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.7
🔥🔥
Articles recieved 11/06/2021
Article: Update: Python Templates Version 0.0.5 - published over 4 years ago.
Content: Here is an update to my Python templates. I use these templates as a starting point for new tools or for quick development of ad-hoc tools. I also recorded a video showing how to use my template to create your own tool: ssdeep Python Example Based On My Templates. python-templates_V0_0_5.zip (https)MD5: 137878F4D7F799436F76C0119E6BB621SHA256: 5A68B...
https://blog.didierstevens.com/2021/06/11/update-python-templates-version-0-0-5/ 
🔥🔥
 
Published: 2021 06 11 10:14:23
Received: 2021 06 11 11:06:27
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: New Tool: ssdeep.py - published over 4 years ago.
Content: ssdeep.py is a Python tool to calculate ssdeep hashes using the ppdeep Python module. As I needed a Python implementation of an ssdeep tool, I decided to document the creation of such a tool with a video. I use my Python templates to quickly create this tool. ssdeep_V0_0_1.zip (https)MD5: 32FD610D858E91BC009845E105ED87C3SHA256: 02EA18EF0139B54D8A06AA0...
https://blog.didierstevens.com/2021/06/11/new-tool-ssdeep-py/ 
🔥🔥
 
Published: 2021 06 11 10:35:08
Received: 2021 06 11 11:06:27
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
11:06 Update: Python Templates Version 0.0.5
🔥🔥
11:06 New Tool: ssdeep.py
🔥🔥
Articles recieved 07/06/2021
Article: How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded) - published almost 5 years ago.
Content: As several things have changed since I published “Howto: Make Your Own Cert With OpenSSL on Windows” 5 years ago, I’m publishing an updated how-to. This time, I’m using the OpenSSL Windows binaries provided by the Curl developers: I’m using OpenSSL version 1.1.1i. I chose the 32-bit version, so that you can still follow along in case you have to do this on a...
https://blog.didierstevens.com/2021/06/07/how-to-make-your-own-cert-with-openssl-on-windows-reloaded/ 
🔥🔥
 
Published: 2021 06 07 00:00:00
Received: 2021 06 07 00:06:05
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)
🔥🔥
Articles recieved 06/06/2021
Article: metatool.py - published almost 5 years ago.
Content: metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs. More info can be found in my SANS Internet Storm Center diary entry “Finding Metasploit & Cobalt Strike URLs“. It is still in my Github beta repository here. ...
https://blog.didierstevens.com/2021/04/18/metatool-py/ 
🔥🔥
 
Published: 2021 04 18 17:56:33
Received: 2021 06 06 09:04:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Lua CSV Wireshark Dissector - published almost 5 years ago.
Content: In December 2020 I provided online Wireshark training to one of our NVISO clients. During the second day, when we cover the development of custom dissectors written in Lua, a question about CSV data came up. When the data exchanged over TCP, for example, has the CSV format (fields separated by a separator), how can I write a dissector for that? While answeri...
https://blog.didierstevens.com/2021/04/19/lua-csv-wireshark-dissector/ 
🔥🔥
 
Published: 2021 04 19 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: isodump.py - published almost 5 years ago.
Content: This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools. isodump.py is in my Github beta repository. The complete webinar is here, if you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here. ...
https://blog.didierstevens.com/2021/04/25/isodump-py/ 
🔥🔥
 
Published: 2021 04 25 10:13:54
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Quickpost: Decrypting Cobalt Strike Traffic - published almost 5 years ago.
Content: I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings. Cobalt Strike beacons communicating over HTTP encrypt their data with AES (unless a trial version is used). I found code to decrypt/encrypt such data in the PyBeacon and Geacon Github repositories. ...
https://blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/ 
🔥🔥
 
Published: 2021 04 26 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in April - published almost 5 years ago.
Content: Here is an overview of content I published in April: Blog posts: metatool.py Lua CSV Wireshark Dissector isodump.py Quickpost: Decrypting Cobalt Strike Traffic YouTube videos: YARA and CyberChef YARA and CyberChef: ZIP Decoding Cobalt Strike Traffic Lua CSV Wireshark Dissector The Security Toolsmith (NVISO Brown Bag 2021) Videoblog posts: YARA and Cyber...
https://blog.didierstevens.com/2021/05/02/overview-of-content-published-in-april-6/ 
🔥🔥
 
Published: 2021 05 02 19:16:58
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: 1768.py Version 0.0.6 - published almost 5 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Stike beacons, has fixes, support for more encodings, and an option to output the config in JSON format. 1768_v0_0_6.zip (https) MD5: EB9C949BB7B5DD3EF9ECEBF7F3C21184 SHA256: 3EC0BB7B41CC5C0E1534F09BAE67D62B220F8D83A7F02EC0F856F8741F86EB31 ...
https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/ 
🔥🔥
 
Published: 2021 05 22 15:06:15
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: re-search.py Version 0.0.17 - published almost 5 years ago.
Content: This new version of re-search.py adds gzip support and filtering of private IPv4 addresses: re-search_V0_0_17.zip (https) MD5: 8945F435BDA03D73EF7A2BA1AA64A65E SHA256: 0D74709B9F26FC7F6EEADAEE1BAA3AF7AADAA618F88B1C267BA5A063C8E3D997 ...
https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ 
🔥🔥
 
Published: 2021 05 23 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: base64dump.py Version 0.0.14 - published almost 5 years ago.
Content: This new version of base64dump.py supports a new encoding: NETBIOS Name encoding. NETBIOS Name encoding is very similar to hexadecimal encoding: in stead of hexadecimal digits 0-9 and a-f, letters A-P are used. I encountered this in DNS TXT records of a Cobalt Strike DNS stager. More on that later. base64dump_V0_0_14.zip (https)MD5: 35BF4900BED...
https://blog.didierstevens.com/2021/05/25/update-base64dump-py-version-0-0-14/ 
🔥🔥
 
Published: 2021 05 25 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: New Tool: cs-dns-stager.py - published almost 5 years ago.
Content: cs-dns-stager.py is a quick & dirty tool I wrote to retrieve a Cobalt Strike DNS beacon from its server, if you only have the IP address of said server. If you want to know more about Cobalt Strike and DNS, watch this video I recorded: ...
https://blog.didierstevens.com/2021/05/30/new-tool-cs-dns-stager-py/ 
🔥🔥
 
Published: 2021 05 30 17:59:01
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in May - published almost 5 years ago.
Content: Here is an overview of content I published in May: Blog posts: Update: 1768.py Version 0.0.6 Update: re-search.py Version 0.0.17 Update: base64dump.py Version 0.0.14 New Tool: cs-dns-stager.py YouTube videos: Making Sense Of Encrypted Cobalt Strike Traffic Cobalt Strike & DNS – Part 1 Videoblog posts: Making Sense Of Encrypted Cobalt Strike Traffi...
https://blog.didierstevens.com/2021/06/04/overview-of-content-published-in-may-6/ 
🔥🔥
 
Published: 2021 06 04 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:04 metatool.py
🔥🔥
09:04 Lua CSV Wireshark Dissector
🔥🔥
09:04 isodump.py
🔥🔥
09:04 Quickpost: Decrypting Cobalt Strike Traffic
🔥🔥
09:04 Overview of Content Published in April
🔥🔥
09:04 Update: 1768.py Version 0.0.6
🔥🔥
09:04 Update: re-search.py Version 0.0.17
🔥🔥
09:04 Update: base64dump.py Version 0.0.14
🔥🔥
09:04 New Tool: cs-dns-stager.py
🔥🔥
09:04 Overview of Content Published in May
🔥🔥

Get your Free Scan and Score Certificate

Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate

Get your repeat Free Scan and Score Certificate

Cyber Tzar Score Summary
Cyber Tzar Score Summary

Cyber Security Made Simple

Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained

Cyber Tzar Platform Highlights

Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate

Cyber Tzar Sites

Cyber Tzar Score Analysis
Cyber Tzar Score Analysis

Developer? Secuity Assesor? Risk Manager? Actary? We can help, whatever you need

Cyber Tzar Risk Impact Distribution
Cyber Tzar Risk Impact Distribution
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 392
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor