Didier Stevens tools - reuteras/dfirws GitHub Wiki
Didier Stevens tools are available under C:\Tools\DidierStevens.
Below is a collection of links to SANS Internet Storm Center (ISC) diaries that use tools from the Didier Stevens suite. All the examples can be run in dfirws. I have also added PDFs for offline use.
- String Obfuscation: Character Pair Reversal (pdf)
  - zipdump.py
  - strings.py
  - re-search.py
  - python-per-line.py
- Extra: "String Obfuscation: Character Pair Reversal" (pdf)
  - strings.py
  - python-per-line.py (Reverse and ReverseFind)
  - numbers-to-string.py
- Extracting Multiple Streams From OLE Files (pdf)
  - oledump.py
  - file-magic.py
  - myjson-filter.py
  - Uses --jsoninput and --jsonoutput in the pipe
- Another Malicious HTA File Analysis - Part 1 (pdf)
  - zipdump.py
  - python-per-line.py (--split, --regex, oMatch.groups() and --join)
- Another Malicious HTA File Analysis - Part 2 (pdf)
  - zipdump.py
  - python-per-line.py (--split, --regex, --join)
  - base64dump.py (--jsonoutput)
  - myjson-transform.py (--script)
  - numbers-to-string.py