Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 306

Feed: Didier Stevens

Articles recieved 22/12/2021
Article: Update: cs-extract-key.py Version 0.0.4 - published almost 3 years ago.
Content: I added option –donotfullsearch in this new version of my tool to extract encryption keys from process memory dumps of beacons. When this option is used, cs-extract-key.py will not fall back to a full search when string sha256\x00 is not found. cs-extract-key_V0_0_4.zip (https)MD5: 451D73C0963C91E11AE043AD82A96FCDSHA256: 5D21C796CA2F7D115D291E2C4DAE71...
https://blog.didierstevens.com/2021/12/22/update-cs-extract-key-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 22 00:00:00
Received: 2021 12 22 00:07:09
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: cs-extract-key.py Version 0.0.4
🔥🔥
Articles recieved 21/12/2021
Article: Update: 1768.py Version 0.0.11 - published almost 3 years ago.
Content: 1768.py, my tool to analyze Cobalt Strike beacons, has an update: updated statistics and support for your own, private 1768.json file: 1768b.json. When 1768b.json exists, it is used by 1768.py in stead of 1768.json. 1768_v0_0_11.zip (https)MD5: 5029A9831D32F57D174BE9DDC8CA31B3SHA256: F6939ACB105FE848F084A7E916AE9E2CC0BC173B92D7BBBA95637CC355657E09 ...
https://blog.didierstevens.com/2021/12/21/update-1768-py-version-0-0-11/ 
🔥🔥
 
Published: 2021 12 21 00:00:00
Received: 2021 12 21 00:07:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: 1768.py Version 0.0.11
🔥🔥
Articles recieved 20/12/2021
Article: Update: cs-parse-traffic.py Version 0.0.4 - published almost 3 years ago.
Content: This update for cs-parse-traffic.py, my tool to parse/decrypt Cobalt Strike network traffic, includes bug fixes and new definitions. cs-parse-traffic_V0_0_4.zip (https)MD5: 890C5290B7C1E0F5803F0289FA876DDBSHA256: 43FD18DDCDB5732C9EB1F2B377E3B1DF6A2D36F62442CE2068C32EBC3FC07813 ...
https://blog.didierstevens.com/2021/12/20/update-cs-parse-traffic-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 20 00:00:00
Received: 2021 12 20 00:05:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: cs-parse-traffic.py Version 0.0.4
🔥🔥
Articles recieved 19/12/2021
Article: Update: base64dump.py Version 0.0.19 - published almost 3 years ago.
Content: This is a bugfix version. base64dump_V0_0_19.zip (https)MD5: 0D250DCB3FCE5D41A6FCB3AAD3937019SHA256: FECA04873B87A15F0713938717611E86ED360F51AF28FCD03CEEFC4688BD7D67 ...
https://blog.didierstevens.com/2021/12/19/update-base64dump-py-version-0-0-19/ 
🔥🔥
 
Published: 2021 12 19 09:40:25
Received: 2021 12 19 09:45:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: cs-decrypt-metadata.py Version 0.0.4 - published almost 3 years ago.
Content: This is a bugfix version. cs-decrypt-metadata_V0_0_4.zip (https)MD5: 50C8AEFA1A1A507012BE72C71C449818SHA256: CAFCCE9A8897C257AE39259D3F444E0F40473BF0D9590DC1A035316EBDDBBC84 ...
https://blog.didierstevens.com/2021/12/19/update-cs-decrypt-metadata-py-version-0-0-4/ 
🔥🔥
 
Published: 2021 12 19 09:43:17
Received: 2021 12 19 09:45:29
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:45 Update: base64dump.py Version 0.0.19
🔥🔥
09:45 Update: cs-decrypt-metadata.py Version 0.0.4
🔥🔥
Articles recieved 11/12/2021
Article: MiTM Cobalt Strike Network Traffic - published almost 3 years ago.
Content: I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. I selected a malicious beacon that uses one of the leaked private keys. The script does not support data transforms, but that can be easily ad...
https://blog.didierstevens.com/2021/12/11/mitm-cobalt-strike-network-traffic/ 
🔥🔥
 
Published: 2021 12 11 10:14:58
Received: 2021 12 11 10:25:41
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
10:25 MiTM Cobalt Strike Network Traffic
🔥🔥
Articles recieved 01/12/2021
Article: Overview of Content Published in November - published almost 3 years ago.
Content: Here is an overview of content I published in November: Blog posts: New Tool: cs-extract-key.py Update: 1768.py Version 0.0.9 Update: cs-decrypt-metadata.py Version 0.0.2 Update: 1768.py Version 0.0.10 Update: base64dump.py Version 0.0.18 Update: cs-decrypt-metadata.py Version 0.0.3 New tool: cs-analyze-processdump.py New Tool: cs-parse-traffic.py Update:...
https://blog.didierstevens.com/2021/12/01/overview-of-content-published-in-november-7/ 
🔥🔥
 
Published: 2021 12 01 00:00:00
Received: 2021 12 01 00:06:57
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Overview of Content Published in November
🔥🔥
Articles recieved 30/11/2021
Article: Update: cs-extract-key.py Version 0.0.3 - published almost 3 years ago.
Content: This update brings a new option: -V –verbose. Verbose output includes an hex/ascii dump of the decrypted data: cs-extract-key_V0_0_3.zip (https)MD5: C40C96B68701369F41EB6731FD83B28BSHA256: CBB5EC3C8C36931D56AB42E3086CF7E95ABC7782D74F30DDCCF874BD4E89B6BB ...
https://blog.didierstevens.com/2021/11/30/update-cs-extract-key-py-version-0-0-3/ 
🔥🔥
 
Published: 2021 11 30 00:00:00
Received: 2021 11 30 00:08:26
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: cs-extract-key.py Version 0.0.3
🔥🔥
Articles recieved 29/11/2021
Article: New Tool: cs-parse-traffic.py - published almost 3 years ago.
Content: This tool is the combination of beta tool cs-parse-http-traffic.py (discontinued) and unreleased tool cs-parse-dns-traffic.py: it can decrypt and parse Cobalt Strike DNS and HTTP beacon network traffic. By default it handles HTTP traffic. Use option -f dns to handle DNS traffic. cs-parse-traffic_V0_0_3.zip (https)MD5: D11D64222CD77407FCEE5E6235470828S...
https://blog.didierstevens.com/2021/11/29/new-tool-cs-parse-traffic-py/ 
🔥🔥
 
Published: 2021 11 29 00:00:00
Received: 2021 11 29 00:05:54
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: cs-parse-traffic.py
🔥🔥
Articles recieved 25/11/2021
Article: New tool: cs-analyze-processdump.py - published almost 3 years ago.
Content: This is cs-analyze-processdump.py, my tool to analyze Cobalt Strike beacon process dumps, detecting and decoding sleep mode encoding. cs-analyze-processdump_V0_0_2.zip (https)MD5: 699C184AA60F741B6DD7CB8C05E12448SHA256: 5E6C121783C9BC1A392AA4FEFD77D66709B0C8FB2F3E568D8538C6CD81C7B315 ...
https://blog.didierstevens.com/2021/11/25/new-tool-cs-analyze-processdump-py/ 
🔥🔥
 
Published: 2021 11 25 00:00:00
Received: 2021 11 25 00:06:47
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New tool: cs-analyze-processdump.py
🔥🔥
Articles recieved 23/11/2021
Article: Update: cs-decrypt-metadata.py Version 0.0.3 - published almost 3 years ago.
Content: This is a bugfix version of cs-decrypt-metadata.py, my tool to decrypt Cobalt Strike metadata. cs-decrypt-metadata_V0_0_3.zip (https)MD5: BC42AF00F35FE8460E8AA23F2B54A84ASHA256: 13C62A515D49CF8DEF4A866B069AFC47885B13CAB3703AA529C214B88FF576D3 ...
https://blog.didierstevens.com/2021/11/23/update-cs-decrypt-metadata-py-version-0-0-3/ 
🔥🔥
 
Published: 2021 11 23 00:00:00
Received: 2021 11 23 00:08:40
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: cs-decrypt-metadata.py Version 0.0.3
🔥🔥
Articles recieved 22/11/2021
Article: Update: base64dump.py Version 0.0.18 - published about 3 years ago.
Content: This is a bug fix version. base64dump_V0_0_18.zip (https)MD5: C1D1FBED0E4C1A4703C56412611EF47DSHA256: 3F46110F9A1750D2351EB7CE2278C1E61EE1C421E10ABB5EC5BFC28B0DA61285 ...
https://blog.didierstevens.com/2021/11/22/update-base64dump-py-version-0-0-18/ 
🔥🔥
 
Published: 2021 11 22 00:00:00
Received: 2021 11 22 00:07:38
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: base64dump.py Version 0.0.18
🔥🔥
Articles recieved 21/11/2021
Article: Update: 1768.py Version 0.0.10 - published about 3 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Strike beacons, adds some small changes, like extra tests and defines more field names. 1768_v0_0_10.zip (https)MD5: 603EFE48CF8740397562F65C9E22B648SHA256: 67F2D59FCE9757B10FE4B50C7D7CD284D36AE21912A13531820AC0BDA8ABC0C1 ...
https://blog.didierstevens.com/2021/11/21/update-1768-py-version-0-0-10/ 
🔥🔥
 
Published: 2021 11 21 00:00:00
Received: 2021 11 21 00:07:06
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: 1768.py Version 0.0.10
🔥🔥
Articles recieved 12/11/2021
Article: Update: cs-decrypt-metadata.py Version 0.0.2 - published about 3 years ago.
Content: This new version of my tool to decrypt Cobalt Strike metadata, now supports transformations. By default, encrypted metadata in Cobalt Strike traffic is encoded with BASE64 and then transmitted via the Cookie header in HTTP(S) requests. This metadata is encrypted with a public RSA key, and can be decrypted if the private key is known. Here is an exa...
https://blog.didierstevens.com/2021/11/12/update-cs-decrypt-metadata-py-version-0-0-2/ 
🔥🔥
 
Published: 2021 11 12 00:00:00
Received: 2021 11 12 00:06:28
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: cs-decrypt-metadata.py Version 0.0.2
🔥🔥
Articles recieved 04/11/2021
Article: Update: 1768.py Version 0.0.9 - published about 3 years ago.
Content: This new version of 1768.py, my tool to decode Cobalt Strike beacon configs, brings proper decoding of malleable instructions. And the license ID statistics have been updated, and 3 new private RSA keys have been added. Fields 0x000b (Malleable_C2_Instructions), 0x000c (http_get_header) and 0x000d (http_post_header) contain instructions on how to tran...
https://blog.didierstevens.com/2021/11/04/update-1768-py-version-0-0-9/ 
🔥🔥
 
Published: 2021 11 04 00:00:00
Received: 2021 11 04 00:06:02
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.9
🔥🔥
Articles recieved 03/11/2021
Article: New Tool: cs-extract-key.py - published about 3 years ago.
Content: cs-extract-key.py is a tool designed to extract cryptographic keys from Cobalt Strike beacon process memory dumps. This tool was already available in my beta repository. This tool can extract cryptographic keys from process memory dumps of a version 3.x beacon directly: And from version 4.x together with encrypted data extracted from network ca...
https://blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/ 
🔥🔥
 
Published: 2021 11 03 00:00:00
Received: 2021 11 03 00:06:53
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: cs-extract-key.py
🔥🔥
Articles recieved 01/11/2021
Article: Overview of Content Published in October - published about 3 years ago.
Content: Here is an overview of content I published in October: Blog posts: New Tool: onion-connect-service-detection.py Update: 1768.py Version 0.0.8 “Public” Private Cobalt Strike Keys New Tool: cs-decrypt-metadata.py YouTube videos: CVE-2021-40444 Maldocs: Extracting URLs Cobalt Strike: Decrypting C2 Traffic With A “Leaked” Private Key Phishing ZIP With Malform...
https://blog.didierstevens.com/2021/11/01/overview-of-content-published-in-october-7/ 
🔥🔥
 
Published: 2021 11 01 00:00:00
Received: 2021 11 01 00:07:17
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Overview of Content Published in October
🔥🔥
Articles recieved 22/10/2021
Article: New Tool: cs-decrypt-metadata.py - published about 3 years ago.
Content: cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon. An active beacon regularly checks in with its team server, transmitting medata (like the AES key, the username & machine name, …) that is encrypted with the team server’s private key. This tool can decrypt this data, provided: you give it the file...
https://blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/ 
🔥🔥
 
Published: 2021 10 22 00:00:00
Received: 2021 10 22 00:05:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: cs-decrypt-metadata.py
🔥🔥
Articles recieved 21/10/2021
Article: “Public” Private Cobalt Strike Keys - published about 3 years ago.
Content: I found 6 private keys used by malicious Cobalt Strike servers. There’s a significant number of malicious CS servers on the Internet that reuse these keys, thus allowing us to decrypt their C2 traffic. For the details, I recommend reading the following blog post I wrote “Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1“. I integrated t...
https://blog.didierstevens.com/2021/10/21/public-private-cobalt-strike-keys/ 
🔥🔥
 
Published: 2021 10 21 18:05:35
Received: 2021 10 21 18:06:15
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
18:06 “Public” Private Cobalt Strike Keys
🔥🔥
Articles recieved 11/10/2021
Article: Update: 1768.py Version 0.0.8 - published about 3 years ago.
Content: This new version brings an update to the statistics in file 1768.json. 1768_v0_0_8.zip (https)MD5: C410C38FC2B5F0B2C3104D7FC1D35C58SHA256: 9374650575E0F15331CE05ACFD2BFA4CD6EBEB1497207B9B6D4B1F7A0214457D ...
https://blog.didierstevens.com/2021/10/11/update-1768-py-version-0-0-8/ 
🔥🔥
 
Published: 2021 10 11 00:00:00
Received: 2021 10 11 00:06:09
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.8
🔥🔥
Articles recieved 03/10/2021
Article: New Tool: onion-connect-service-detection.py - published about 3 years ago.
Content: To better understand how nmap does service detection, I implemented a tool in Python that tries to do (more or less) the same. nmap detects what service is listening on a port, by sending it probes (particular byte sequences) and matching it with expected replies. These probes and replies can be found in file nmap-service-probes. It allows me to experime...
https://blog.didierstevens.com/2021/10/03/new-tool-onion-connect-service-detection-py/ 
🔥🔥
 
Published: 2021 10 03 00:00:00
Received: 2021 10 03 00:05:59
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 New Tool: onion-connect-service-detection.py
🔥🔥
Articles recieved 02/10/2021
Article: Overview of Content Published in September - published about 3 years ago.
Content: Here is an overview of content I published in September: Blog posts: Update: re-search.py Version 0.0.18 Patching A Java .class File Update: base64dump.py Version 0.0.17 YouTube videos: Simple Analysis Of A CVE-2021-40444 .docx Document Strings Analysis: VBA & Excel4 Maldoc Videoblog posts: Simple Analysis Of A CVE-2021-40444 .docx Document SANS ...
https://blog.didierstevens.com/2021/10/02/overview-of-content-published-in-september-5/ 
🔥🔥
 
Published: 2021 10 02 19:33:28
Received: 2021 10 02 20:06:15
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
20:06 Overview of Content Published in September
🔥🔥
Articles recieved 29/09/2021
Article: Update: base64dump.py Version 0.0.17 - published about 3 years ago.
Content: This new version of base64dump brings 2 new features: support for ASCII85 encoding: a85selecting of the largest result: -s L base64dump_V0_0_17.zip (https)MD5: B535A0B9E73D068380078FC5006756E8SHA256: DDC67BEBC5C3407213673C0228E84796E6816294A029997542BA7DD9AF659C4E ...
https://blog.didierstevens.com/2021/09/29/update-base64dump-py-version-0-0-17/ 
🔥🔥
 
Published: 2021 09 29 00:00:00
Received: 2021 09 29 00:05:48
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: base64dump.py Version 0.0.17
🔥🔥
Articles recieved 26/09/2021
Article: Patching A Java .class File - published about 3 years ago.
Content: 010 Editor is one of few commercial applications that I use daily. It’s a powerful binary editor with scripting and templates. I recently had to patch a Java .class file: extend a string inside that class. Before going the route of decompiling / editing / recompiling, I tried with 010 Editor. Here is the file opened inside the editor: When open...
https://blog.didierstevens.com/2021/09/26/patching-a-java-class-file/ 
🔥🔥
 
Published: 2021 09 26 00:00:00
Received: 2021 09 26 00:06:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Patching A Java .class File
🔥🔥
Articles recieved 22/09/2021
Article: Update: re-search.py Version 0.0.18 - published about 3 years ago.
Content: This version has some Python3/Linux/MacOS fixes. re-search_V0_0_18.zip (https)MD5: 1BCA3B59B719FAFD6016D2F9F32F1A05SHA256: 9E4807D3CE0EC320028AC760D3915F4FC0CBF6EC6E20FC9B2C91C54E74E6F548 ...
https://blog.didierstevens.com/2021/09/22/update-re-search-py-version-0-0-18/ 
🔥🔥
 
Published: 2021 09 22 00:00:00
Received: 2021 09 22 00:05:49
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:05 Update: re-search.py Version 0.0.18
🔥🔥
Articles recieved 19/09/2021
Article: Overview of Content Published in August - published about 3 years ago.
Content: Here is an overview of content I published in August: Blog posts: dnsresolver.py: Videos For Each Command Update: oledump.py Version 0.0.62 My YouTube Playlists Update: pdf-parser.py Version 0.7.5 Update: pdfid.py Version 0.2.8 Update: AnalyzePESig Version 0.0.0.8 YouTube videos: dnsresolver.py: 6 exfiltration Command dnsresolver.py: 7 track Command dns...
https://blog.didierstevens.com/2021/09/19/overview-of-content-published-in-august-6/ 
🔥🔥
 
Published: 2021 09 19 15:07:41
Received: 2021 09 19 16:06:31
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
16:06 Overview of Content Published in August
🔥🔥
Articles recieved 21/08/2021
Article: Update: AnalyzePESig Version 0.0.0.8 - published over 3 years ago.
Content: This new version of AnalyzePESig, my tool to analyze the digital signature of PE files, brings some major updates: Support for UNICODE filenamesReintroduction of the capability to verify the signature of non-PE files, like .MSI files And several bug fixes. AnalyzePESig_V0_0_0_8.zip (https)MD5: C14A2C8AA91D34F534B4F76E7014E3A9SHA256: BCCF90BF6E4...
https://blog.didierstevens.com/2021/08/21/update-analyzepesig-version-0-0-0-8/ 
🔥🔥
 
Published: 2021 08 21 11:52:48
Received: 2021 08 21 12:06:44
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
12:06 Update: AnalyzePESig Version 0.0.0.8
🔥🔥
Articles recieved 20/08/2021
Article: Update: pdf-parser.py Version 0.7.5 - published over 3 years ago.
Content: This is a bug fix version. pdf-parser_V0_7_5.zip (https)MD5: D39E98981E6FEA48BF61CA2F78ED0B09SHA256: 5D970AFAC501A71D4FDDEECBD63060062226BF1D587A6A74702DDA79B5C2D3FB ...
https://blog.didierstevens.com/2021/08/20/update-pdf-parser-py-version-0-7-5/ 
🔥🔥
 
Published: 2021 08 20 00:00:00
Received: 2021 08 20 00:06:52
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: pdfid.py Version 0.2.8 - published over 3 years ago.
Content: This is a bug fix version pdfid_v0_2_8.zip (https)MD5: 9DDE1D9010D860303B03F3317DAF07B4SHA256: 0D0AA12592FA29BC5E7A9C3CFA0AAEBB711CEF373A0AE0AD523723C64C9D02B4 ...
https://blog.didierstevens.com/2021/08/20/update-pdfid-py-version-0-2-8/ 
🔥🔥
 
Published: 2021 08 20 00:00:00
Received: 2021 08 20 00:06:52
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: pdf-parser.py Version 0.7.5
🔥🔥
00:06 Update: pdfid.py Version 0.2.8
🔥🔥
Articles recieved 19/08/2021
Article: My YouTube Playlists - published over 3 years ago.
Content: I started to create YouTube playlists for my videos. ...
https://blog.didierstevens.com/2021/08/19/my-youtube-playlists/ 
🔥🔥
 
Published: 2021 08 19 00:00:00
Received: 2021 08 19 00:07:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 My YouTube Playlists
🔥🔥
Articles recieved 17/08/2021
Article: Update: oledump.py Version 0.0.62 - published over 3 years ago.
Content: This new version brings a bug fix and an update to plugin_biff’s XOR deobfuscation. oledump_V0_0_62.zip (https)MD5: F16DB945970B49A60155443ED82CDE29SHA256: 4AE5DF2CC8E8F5A395027A8056B1A33B8F05C0AB6FC18D56D46DC151BB4302FB ...
https://blog.didierstevens.com/2021/08/17/update-oledump-py-version-0-0-62/ 
🔥🔥
 
Published: 2021 08 17 00:00:00
Received: 2021 08 17 00:08:06
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:08 Update: oledump.py Version 0.0.62
🔥🔥
Articles recieved 11/08/2021
Article: dnsresolver.py: Videos For Each Command - published over 3 years ago.
Content: I did record 8 videos explaining the different commands of my dnsresolver.py tool. This is a tool that can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing and also simple resolving. I have a YouTube playlist with all 8 videos: dnsresolver playlist. ...
https://blog.didierstevens.com/2021/08/11/dnsresolver-py-videos-for-each-command/ 
🔥🔥
 
Published: 2021 08 11 00:00:00
Received: 2021 08 11 00:06:21
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 dnsresolver.py: Videos For Each Command
🔥🔥
Articles recieved 02/08/2021
Article: Overview of Content Published in July - published over 3 years ago.
Content: Here is an overview of content I published in July: Blog posts: Update: xmldump.py Version 0.0.7 New Tool: texteditor.py Update: FileScanner Version 0.0.0.7 New Tool: dnsresolver.py sysmon?s DNS QueryStatus Field Update: base64dump.py Version 0.0.16 Using SeBackupPrivilege With Python YouTube videos: Adding BASE85 To basedump64.py CyberChef BASE85 Decod...
https://blog.didierstevens.com/2021/08/02/overview-of-content-published-in-july-6/ 
🔥🔥
 
Published: 2021 08 02 22:11:00
Received: 2021 08 02 23:05:45
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
23:05 Overview of Content Published in July
🔥🔥
Articles recieved 19/07/2021
Article: Using SeBackupPrivilege With Python - published over 3 years ago.
Content: Access to files on a Windows NTFS filesystem is governed by permissions and privileges. For permissions, it is done with a security descriptor on a file which contains a Discretionary Access Control List (DACL): these are the permissions that decide if a user has access (and which type of access) to said file. Most files don’t have their own, proper perm...
https://blog.didierstevens.com/2021/07/19/using-sebackupprivilege-with-python/ 
🔥🔥
 
Published: 2021 07 19 00:00:00
Received: 2021 07 19 00:06:00
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Using SeBackupPrivilege With Python
🔥🔥
Articles recieved 17/07/2021
Article: Update: base64dump.py Version 0.0.16 - published over 3 years ago.
Content: This new version of base64dump.py brings bug fixes and support for BASE85 RFC 1924 encoding. If you want to know how I go about adding a new decoding to base64dump.py, watch this video: Here is version 0.0.0.15, with bug fixes but without base85: base64dump_V0_0_15.zip (https)MD5: 95C78B0DC830C6240F2A56A3BA0C483FSHA256: F011136B2CF4F54647AB4B...
https://blog.didierstevens.com/2021/07/17/update-base64dump-py-version-0-0-16/ 
🔥🔥
 
Published: 2021 07 17 00:00:00
Received: 2021 07 17 00:06:07
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: base64dump.py Version 0.0.16
🔥🔥
Articles recieved 16/07/2021
Article: sysmon’s DNS QueryStatus Field - published over 3 years ago.
Content: A friend asked me for more info on the QueryStatus field in sysmon‘s DNS events. When a DNS query succeeds, e.g., when there’s a DNS reply with an answer, that status field is 0. But what can cause it to be different from 0? A bit of testing revealed that a query for an unknown domain gives a QueryStatus value of 9003. 9003 is a Windows System Erro...
https://blog.didierstevens.com/2021/07/16/sysmons-dns-querystatus-field/ 
🔥🔥
 
Published: 2021 07 16 00:00:00
Received: 2021 07 16 00:06:03
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 sysmon’s DNS QueryStatus Field
🔥🔥
Articles recieved 15/07/2021
Article: New Tool: dnsresolver.py - published over 3 years ago.
Content: I’ve done several experiments with DNS, which has lead me over the last couple of years to develop a DNS resolver tool. By no way is it a full fledged DNS server: it implements particular features that I’ve needed for different experiments I conducted. It can serve files, facilitate exfiltration, do tracking, answer wildcard requests, do rcode testing...
https://blog.didierstevens.com/2021/07/15/new-tool-dnsresolver-py/ 
🔥🔥
 
Published: 2021 07 15 00:00:00
Received: 2021 07 15 00:06:53
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: dnsresolver.py
🔥🔥
Articles recieved 13/07/2021
Article: Update: FileScanner Version 0.0.0.7 - published over 3 years ago.
Content: This new version of FileScanner brings bug fixes and new features, like UNICODE filename support and an embedded man page. FileScanner_V0_0_0_7.zip (https)MD5: D3294BE258F5E2CD9ADF60035D5FB444SHA256: 8D9349A2056CF400DF55D0407287144A038B6268E40919F248866B4C8BC3FD0A ...
https://blog.didierstevens.com/2021/07/13/update-filescanner-version-0-0-0-7/ 
🔥🔥
 
Published: 2021 07 13 00:00:00
Received: 2021 07 13 00:07:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:07 Update: FileScanner Version 0.0.0.7
🔥🔥
Articles recieved 05/07/2021
Article: New Tool: texteditor.py - published over 3 years ago.
Content: I have some ad hoc tools, that help me with special text editing tasks. Like doing search and replace in a text file, with a list of search and replace terms. Or looking for assignment statements in the source code of a program, and replacing each variable with its value. I decided to bundle these ad hoc scripts, into a single generic script, a new tool:...
https://blog.didierstevens.com/2021/07/05/new-tool-texteditor-py/ 
🔥🔥
 
Published: 2021 07 05 00:00:00
Received: 2021 07 05 00:06:40
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 New Tool: texteditor.py
🔥🔥
Articles recieved 04/07/2021
Article: Update: xmldump.py Version 0.0.7 - published over 3 years ago.
Content: This update to xmldump.py, a tool to help with viewing XML files, adds option -j (–jsoninput) to handle JSON output produced by zipdump.py. With this option, shared strings from OOXML spreadsheets will be used with command celltext. I will explain more in an upcoming blog post. xmldump_V0_0_7.zip (https)MD5: 20FBBC1A053B2528AC4200B917637876SHA2...
https://blog.didierstevens.com/2021/07/04/update-xmldump-py-version-0-0-7/ 
🔥🔥
 
Published: 2021 07 04 00:00:00
Received: 2021 07 04 00:06:03
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: xmldump.py Version 0.0.7
🔥🔥
Articles recieved 03/07/2021
Article: Overview of Content Published in June - published over 3 years ago.
Content: Here is an overview of content I published in June: Blog posts: How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded) Update: Python Templates Version 0.0.5 New Tool: ssdeep.py Update: 1768.py Version 0.0.7 Update: oledump.py Version 0.0.61 YouTube videos: ssdeep Python Example Based On My Templates oledump Cheat Sheet Videoblog posts: ssdeep ...
https://blog.didierstevens.com/2021/07/03/overview-of-content-published-in-june-6/ 
🔥🔥
 
Published: 2021 07 03 19:01:46
Received: 2021 07 03 19:05:56
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
19:05 Overview of Content Published in June
🔥🔥
Articles recieved 21/06/2021
Article: Update: oledump.py Version 0.0.61 - published over 3 years ago.
Content: This new version of oledump.py comes with Excel 4 formula parsing improvements in the plugin_biff plugin. oledump_V0_0_61.zip (https)MD5: 6DC34FFAF4ED0066696ED230878AEED9SHA256: 41A68ABA19BBA74DAE653BE62D4A63A5AE409FB6DC1DAEEB2D419AA1B493728A ...
https://blog.didierstevens.com/2021/06/21/update-oledump-py-version-0-0-61/ 
🔥🔥
 
Published: 2021 06 21 00:00:00
Received: 2021 06 21 00:06:54
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: oledump.py Version 0.0.61
🔥🔥
Articles recieved 15/06/2021
Article: Update: 1768.py Version 0.0.7 - published over 3 years ago.
Content: There are no code changes to this version of 1768.py, my tool to analyze Cobalt Strike beacons. What is new, is file 1768.json: this file contains statistical data for license IDs. Over a period of one month, I collected license ID information from these sources: threatviewio and @cobaltstrikebot. For each license ID that is found on more than ...
https://blog.didierstevens.com/2021/06/15/update-1768-py-version-0-0-7/ 
🔥🔥
 
Published: 2021 06 15 00:00:00
Received: 2021 06 15 00:06:46
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 Update: 1768.py Version 0.0.7
🔥🔥
Articles recieved 11/06/2021
Article: Update: Python Templates Version 0.0.5 - published over 3 years ago.
Content: Here is an update to my Python templates. I use these templates as a starting point for new tools or for quick development of ad-hoc tools. I also recorded a video showing how to use my template to create your own tool: ssdeep Python Example Based On My Templates. python-templates_V0_0_5.zip (https)MD5: 137878F4D7F799436F76C0119E6BB621SHA256: 5A68B...
https://blog.didierstevens.com/2021/06/11/update-python-templates-version-0-0-5/ 
🔥🔥
 
Published: 2021 06 11 10:14:23
Received: 2021 06 11 11:06:27
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: New Tool: ssdeep.py - published over 3 years ago.
Content: ssdeep.py is a Python tool to calculate ssdeep hashes using the ppdeep Python module. As I needed a Python implementation of an ssdeep tool, I decided to document the creation of such a tool with a video. I use my Python templates to quickly create this tool. ssdeep_V0_0_1.zip (https)MD5: 32FD610D858E91BC009845E105ED87C3SHA256: 02EA18EF0139B54D8A06AA0...
https://blog.didierstevens.com/2021/06/11/new-tool-ssdeep-py/ 
🔥🔥
 
Published: 2021 06 11 10:35:08
Received: 2021 06 11 11:06:27
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
11:06 Update: Python Templates Version 0.0.5
🔥🔥
11:06 New Tool: ssdeep.py
🔥🔥
Articles recieved 07/06/2021
Article: How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded) - published over 3 years ago.
Content: As several things have changed since I published “Howto: Make Your Own Cert With OpenSSL on Windows” 5 years ago, I’m publishing an updated how-to. This time, I’m using the OpenSSL Windows binaries provided by the Curl developers: I’m using OpenSSL version 1.1.1i. I chose the 32-bit version, so that you can still follow along in case you have to do this on a...
https://blog.didierstevens.com/2021/06/07/how-to-make-your-own-cert-with-openssl-on-windows-reloaded/ 
🔥🔥
 
Published: 2021 06 07 00:00:00
Received: 2021 06 07 00:06:05
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
00:06 How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)
🔥🔥
Articles recieved 06/06/2021
Article: metatool.py - published over 3 years ago.
Content: metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs. More info can be found in my SANS Internet Storm Center diary entry “Finding Metasploit & Cobalt Strike URLs“. It is still in my Github beta repository here. ...
https://blog.didierstevens.com/2021/04/18/metatool-py/ 
🔥🔥
 
Published: 2021 04 18 17:56:33
Received: 2021 06 06 09:04:35
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Lua CSV Wireshark Dissector - published over 3 years ago.
Content: In December 2020 I provided online Wireshark training to one of our NVISO clients. During the second day, when we cover the development of custom dissectors written in Lua, a question about CSV data came up. When the data exchanged over TCP, for example, has the CSV format (fields separated by a separator), how can I write a dissector for that? While answeri...
https://blog.didierstevens.com/2021/04/19/lua-csv-wireshark-dissector/ 
🔥🔥
 
Published: 2021 04 19 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: isodump.py - published over 3 years ago.
Content: This is a new tool (beta) to analyze ISO files. I made this for a webinar I presented: a demo on how to use my templates to create your own tools. isodump.py is in my Github beta repository. The complete webinar is here, if you want to jump directly to the demo where I explain how to make a tool like isodump.py, go here. ...
https://blog.didierstevens.com/2021/04/25/isodump-py/ 
🔥🔥
 
Published: 2021 04 25 10:13:54
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Quickpost: Decrypting Cobalt Strike Traffic - published over 3 years ago.
Content: I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings. Cobalt Strike beacons communicating over HTTP encrypt their data with AES (unless a trial version is used). I found code to decrypt/encrypt such data in the PyBeacon and Geacon Github repositories. ...
https://blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/ 
🔥🔥
 
Published: 2021 04 26 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in April - published over 3 years ago.
Content: Here is an overview of content I published in April: Blog posts: metatool.py Lua CSV Wireshark Dissector isodump.py Quickpost: Decrypting Cobalt Strike Traffic YouTube videos: YARA and CyberChef YARA and CyberChef: ZIP Decoding Cobalt Strike Traffic Lua CSV Wireshark Dissector The Security Toolsmith (NVISO Brown Bag 2021) Videoblog posts: YARA and Cyber...
https://blog.didierstevens.com/2021/05/02/overview-of-content-published-in-april-6/ 
🔥🔥
 
Published: 2021 05 02 19:16:58
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: 1768.py Version 0.0.6 - published over 3 years ago.
Content: This new version of 1768.py, my tool to analyze Cobalt Stike beacons, has fixes, support for more encodings, and an option to output the config in JSON format. 1768_v0_0_6.zip (https) MD5: EB9C949BB7B5DD3EF9ECEBF7F3C21184 SHA256: 3EC0BB7B41CC5C0E1534F09BAE67D62B220F8D83A7F02EC0F856F8741F86EB31 ...
https://blog.didierstevens.com/2021/05/22/update-1768-py-version-0-0-6/ 
🔥🔥
 
Published: 2021 05 22 15:06:15
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: re-search.py Version 0.0.17 - published over 3 years ago.
Content: This new version of re-search.py adds gzip support and filtering of private IPv4 addresses: re-search_V0_0_17.zip (https) MD5: 8945F435BDA03D73EF7A2BA1AA64A65E SHA256: 0D74709B9F26FC7F6EEADAEE1BAA3AF7AADAA618F88B1C267BA5A063C8E3D997 ...
https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/ 
🔥🔥
 
Published: 2021 05 23 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Update: base64dump.py Version 0.0.14 - published over 3 years ago.
Content: This new version of base64dump.py supports a new encoding: NETBIOS Name encoding. NETBIOS Name encoding is very similar to hexadecimal encoding: in stead of hexadecimal digits 0-9 and a-f, letters A-P are used. I encountered this in DNS TXT records of a Cobalt Strike DNS stager. More on that later. base64dump_V0_0_14.zip (https)MD5: 35BF4900BED...
https://blog.didierstevens.com/2021/05/25/update-base64dump-py-version-0-0-14/ 
🔥🔥
 
Published: 2021 05 25 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: New Tool: cs-dns-stager.py - published over 3 years ago.
Content: cs-dns-stager.py is a quick & dirty tool I wrote to retrieve a Cobalt Strike DNS beacon from its server, if you only have the IP address of said server. If you want to know more about Cobalt Strike and DNS, watch this video I recorded: ...
https://blog.didierstevens.com/2021/05/30/new-tool-cs-dns-stager-py/ 
🔥🔥
 
Published: 2021 05 30 17:59:01
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Article: Overview of Content Published in May - published over 3 years ago.
Content: Here is an overview of content I published in May: Blog posts: Update: 1768.py Version 0.0.6 Update: re-search.py Version 0.0.17 Update: base64dump.py Version 0.0.14 New Tool: cs-dns-stager.py YouTube videos: Making Sense Of Encrypted Cobalt Strike Traffic Cobalt Strike & DNS – Part 1 Videoblog posts: Making Sense Of Encrypted Cobalt Strike Traffi...
https://blog.didierstevens.com/2021/06/04/overview-of-content-published-in-may-6/ 
🔥🔥
 
Published: 2021 06 04 00:00:00
Received: 2021 06 06 09:04:34
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
09:04 metatool.py
🔥🔥
09:04 Lua CSV Wireshark Dissector
🔥🔥
09:04 isodump.py
🔥🔥
09:04 Quickpost: Decrypting Cobalt Strike Traffic
🔥🔥
09:04 Overview of Content Published in April
🔥🔥
09:04 Update: 1768.py Version 0.0.6
🔥🔥
09:04 Update: re-search.py Version 0.0.17
🔥🔥
09:04 Update: base64dump.py Version 0.0.14
🔥🔥
09:04 New Tool: cs-dns-stager.py
🔥🔥
09:04 Overview of Content Published in May
🔥🔥

Get your Free Scan and Score Certificate

Cyber Tzar Free Score Certificate
Cyber Tzar Free Score Certificate

Get your repeat Free Scan and Score Certificate

Cyber Tzar Score Summary
Cyber Tzar Score Summary

Cyber Security Made Simple

Cyber Tzar Your Score Explained
Cyber Tzar Your Score Explained

Cyber Tzar Platform Highlights

Cyber Tzar Gold Score Certificate
Cyber Tzar Gold Score Certificate
Navigation
Return to Planet "Home"
Ordered/grouped:
Filter applied:
Current page:
Go to "Navigation Help" (page end)
Articles in this collection: 306
  • "Home" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
  • Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the articles Published Date (for ordering and grouping).
  • The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
  • Return to the top of this page "Go Now"

Custom HTML Block

Click to Open Code Editor