Channel: Uncategorized – Didier Stevens
Browsing all 18 articles


Quickpost: Restoring Safe Mode with a .REG File for Windows 2000 SP4...

I added the SafeBoot registry keys for Windows 2000 SP4 Professional to the zip file and updated the post. Quickpost info





A Little Poll

According to you, what’s the single most-downloaded file from my site http://DidierStevens.com? It’s neither welcome.html nor robots.txt. Post your guess as a comment.



Link: case of the tweep abduction

I know, I love a bit of mischief. Wim renamed his “old” Twitter account @domgingelom to the “new” @wimremes. And then I promptly registered @domdingelom… Did some Tweeting under an assumed name… And...



Quickpost: Checking ASLR

Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer. Start Process Explorer, and set the lower pane to display DLLs. Select...
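Process Explorer's ASLR column is derived from the module's PE header. As an added example (not code from the post or from Process Explorer), the Python below reads the same bits directly: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE in the optional header, together with IMAGE_FILE_RELOCS_STRIPPED in the COFF header, because a module whose relocations were stripped cannot be rebased even when the DYNAMIC_BASE flag is set. The `build_minimal_pe` helper is a constructed, header-only test image that is not loadable; it exists so the check can be exercised offline.

```python
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001                # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # DllCharacteristics (meaningful for PE32+ only)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # DllCharacteristics: ASLR opt-in

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_aslr_info(data: bytes) -> dict:
    """Parse the PE headers in `data` and report the ASLR-relevant flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, _nsections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    pe32plus = magic == PE32PLUS_MAGIC
    dynamic_base = bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": pe32plus,
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        "high_entropy_va": pe32plus and bool(dllchars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        # The loader can only randomise the base if the flag is set AND relocations survive.
        "aslr": dynamic_base and not relocs_stripped,
    }


def check_file(path: str) -> dict:
    """Run the check on a DLL or EXE on disk."""
    with open(path, "rb") as f:
        return pe_aslr_info(f.read())


def build_minimal_pe(dllchars: int, characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only image for offline testing; not a loadable module."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        info = check_file(path)
        print(f"{path}: ASLR={'yes' if info['aslr'] else 'NO'} {info}")
```

Run it as `python pe_aslr.py C:\path\to\extension.dll` to get the same verdict Process Explorer shows, plus the relocations-stripped caveat that the column alone does not surface.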



Update: PDFiD And pdf-parser

To mark the occasion of my Malicious PDF Analysis workshop at Black Hat Europe 2012, I’m releasing version 0.0.12 of PDFiD and version 0.3.9 of pdf-parser. The major change is that these 2 tools...




Videos

I plan to produce short videos more frequently. I will not post them all here on my blog; I’ve created another blog for all my videos: videos.didierstevens.com. The RSS is...



Update: Authenticode Tools

I released new versions of my AnalyzePESig and ListModules authenticode tools. Extra fields with information were added to the output of the tools, and the tools were adapted to use the SE_BACKUP_NAME...



Update: rtfdump Version 0.0.4

This version has friendlier handling of files that are not RTF: in recent months, I’ve seen many maldocs that disguise .doc files as .rtf. rtfdump_V0_0_4.zip (https) MD5:...




Update: base64dump.py Version 0.0.5

This new version supports different encodings besides base64 (but the name remains base64dump). The new encodings are hexadecimal (hex), \u unicode (bu) and %u unicode (pu). Here’s an example with...
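To show what the hex, \u and %u decoders have to do, here is an added Python example (not base64dump's own code): it scans text for runs in each of the four encodings, decodes every run that validates, and reports offset, run and decoded bytes. The minimum run lengths and the little-endian byte order for \uXXXX/%uXXXX units are this example's assumptions; the latter matches how `unescape()`-built shellcode is laid out in memory. The sample script is constructed, not a real malware sample.

```python
import base64
import binascii
import re
import struct

# Candidate runs for each encoding. The minimum lengths are this example's
# choice (assumption), meant to keep short incidental matches out of the output.
PATTERNS = {
    "base64": re.compile(r"[A-Za-z0-9+/]{16,}={0,2}"),
    "hex":    re.compile(r"(?:[0-9A-Fa-f]{2}){8,}"),
    "bu":     re.compile(r"(?:\\u[0-9A-Fa-f]{4}){2,}"),  # \uXXXX sequences
    "pu":     re.compile(r"(?:%u[0-9A-Fa-f]{4}){2,}"),   # %uXXXX sequences
}


def decode_run(encoding: str, run: str) -> bytes:
    """Decode one matched run; raises binascii.Error / ValueError on bad input."""
    if encoding == "base64":
        run = run.rstrip("=")
        return base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
    if encoding == "hex":
        return binascii.unhexlify(run)
    # bu / pu: each XXXX is a 16-bit unit. JavaScript unescape() turns %uXXXX into a
    # UTF-16 code unit, and shellcode built that way sits little-endian in memory,
    # so that byte order is used here (assumption).
    units = re.findall(r"[0-9A-Fa-f]{4}", run)
    return b"".join(struct.pack("<H", int(u, 16)) for u in units)


def find_encoded(text: str, encoding: str) -> list:
    """Return (offset, run, decoded_bytes) for every decodable run of `encoding`."""
    hits = []
    for m in PATTERNS[encoding].finditer(text):
        try:
            hits.append((m.start(), m.group(0), decode_run(encoding, m.group(0))))
        except (binascii.Error, ValueError):
            continue  # looked like the encoding but does not decode; skip it
    return hits


# Constructed sample resembling an obfuscated script; not a real malware sample.
SAMPLE = (
    'var a = "4d5a90000300000004000000ffff0000";'  # hex: first 16 bytes of a typical MZ header
    ' var b = unescape("%u9090%u9090%uc3cc");'      # pu: NOPs, then cc c3 once little-endian
    r' var c = "\u4142\u4344";'                     # bu: becomes b"BADC" little-endian
    ' var d = "SGVsbG8sIFdvcmxkIQ==";'              # base64: "Hello, World!"
)

if __name__ == "__main__":
    for enc in PATTERNS:
        for offset, run, decoded in find_encoded(SAMPLE, enc):
            print(f"{enc:6} @{offset:4}: {run[:24]:24} -> {decoded[:16].hex()}")
```

Note that a long hex string is also a syntactically valid base64 run, so the base64 scan reports it too (with meaningless output); as with base64dump, the analyst still has to judge which candidates are real.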




Update: pdf-parser Version 0.6.6

This new version of pdf-parser is a bugfix for /FLATEDECODE. pdf-parser_V0_6_6.zip (https) MD5: 47326468E1B5A1AF7BB8AD63688804D9 SHA256: 51C9B25B939B135D9949E51463F58ECEC0BEBEFB9C0EAA0B93326CBFB4D8F061


Update: pdf-parser.py Version 0.7.5

This is a bug fix version. pdf-parser_V0_7_5.zip (https) MD5: D39E98981E6FEA48BF61CA2F78ED0B09 SHA256: 5D970AFAC501A71D4FDDEECBD63060062226BF1D587A6A74702DDA79B5C2D3FB



Update: cs-extract-key.py Version 0.0.3

This update brings a new option: -V --verbose. Verbose output includes a hex/ASCII dump of the decrypted data: cs-extract-key_V0_0_3.zip (https) MD5: C40C96B68701369F41EB6731FD83B28B SHA256:...



.ISO Files With Office Maldocs & Protected View in Office 2019 and 2021

We have seen ISO files being used to deliver malicious documents via email. There are different variants of this attack. One of the reasons to do this is to evade “mark-of-web propagation”. When a...



Update: sortcanon Version 0.0.2

This new version adds a sort function to sort email addresses by domain first. sortcanon_V0_0_2.zip (http) MD5: ED6DBE384707778E765C9BD6B6880C05 SHA256:...


Overview of Content Published in October

Here is an overview of content I published in October: Blog posts: Quickpost: Standby Power Consumption Of An Old Linear Power Supply Update: base64dump.py Version 0.0.24 Update: rtfdump.py Version...



Update: oledump.py Version 0.0.71

A new plugin and an updated plugin. Plugin plugin_dttm is a plugin for Word documents: it searches for Dop structures. They contain DTTM timestamps. And plugin plugin_metadata has been updated to...
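DTTM is the packed 32-bit date/time used throughout the Word binary format (MS-DOC): minutes in the low 6 bits, then hour (5), day of month (5), month (4), year since 1900 (9) and weekday (3, Sunday = 0). As an added example, and not the plugin's own code, here is a decoder and encoder in Python with the sanity checks an analyst wants: the all-zero "no date" value, impossible field combinations, and the redundant weekday field, whose mismatch with the date is a hint that a timestamp was edited or corrupted. The `dttm_from_bytes` helper and its use on a raw Dop are illustrative assumptions.

```python
from datetime import datetime
from typing import Optional

# Bit layout of DTTM (MS-DOC), least significant bits first:
#   mint 6 bits | hr 5 bits | dom 5 bits | mon 4 bits | yr 9 bits (since 1900) | wdy 3 bits (0 = Sunday)


def decode_dttm(value: int) -> Optional[dict]:
    """Unpack a DTTM; return None for the all-zero 'no date' value or an impossible date."""
    if value == 0:
        return None
    mint = value & 0x3F
    hr = (value >> 6) & 0x1F
    dom = (value >> 11) & 0x1F
    mon = (value >> 16) & 0x0F
    yr = (value >> 20) & 0x1FF
    wdy = (value >> 29) & 0x07
    try:
        dt = datetime(1900 + yr, mon, dom, hr, mint)
    except ValueError:
        return None  # e.g. month 0, or day 31 in a 30-day month: not a real DTTM
    # The weekday is stored redundantly; a mismatch hints at a forged or corrupted value.
    weekday_ok = ((dt.weekday() + 1) % 7) == wdy
    return {"datetime": dt, "weekday_field": wdy, "weekday_consistent": weekday_ok}


def encode_dttm(dt: datetime) -> int:
    """Pack a datetime into DTTM (seconds are dropped; the format has minute resolution)."""
    if not 1900 <= dt.year < 1900 + 512:
        raise ValueError("year out of DTTM range")
    wdy = (dt.weekday() + 1) % 7  # Python: Monday=0 ... Sunday=6; DTTM: Sunday=0
    return (dt.minute | (dt.hour << 6) | (dt.day << 11) | (dt.month << 16)
            | ((dt.year - 1900) << 20) | (wdy << 29))


def dttm_from_bytes(blob: bytes, offset: int) -> Optional[dict]:
    """Read a little-endian DTTM at `offset` in a raw structure (assumed: a Dop slice)."""
    return decode_dttm(int.from_bytes(blob[offset:offset + 4], "little"))


if __name__ == "__main__":
    v = encode_dttm(datetime(2023, 10, 15, 14, 30))
    print(hex(v), decode_dttm(v))
```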



Quickpost: Fixing A Duplicate Key

I had a locksmith make a duplicate key of my mailbox lock, and it didn’t work (didn’t open the lock). The cutting looked good, I saw no difference with the original key. Until I noticed this notch:...



New Tool: myjson-transform.py

This tool takes JSON output from tools like oledump, zipdump, base64dump, … via stdin and transforms the data produced by these tools. The transformation function (named Transform) has to be defined in...




