Decalage

@decalage2

High-latency Twitterbot with experimental, Turing-proof AI. Daily downtimes for maintenance. Tweeting about , analysis, file formats and .

Joined: November 2012

Media

  1. 30 Jan
    Reply to users:

    BTW this trick seems to be undetected by most antivirus engines for now (see VT):

  2. 27 Jan

    olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to

  3. 5 Dec 2019

    Final slides of my presentation yesterday at Black Hat Europe 2019, about malicious VBA macros and recent advances in the attack & defence sides: Featuring /olevba, ViperMonkey, MacroRaptor, EvilClippy

  4. 3 Dec 2019

    0.55 is finally out, just in time for ! Main changes: olevba += SLK file parser and XLM macro extraction, VBA stomping detection More info: How to install/update: pip install -U oletools

  5. 28 Nov 2019

    Those URLs are also detected when using oleobj from oletools:

  6. 19 Nov 2019
    Reply to users:

    2) Once decrypted, oleobj (from oletools) can find the external OLE link: oleobj "Revised invoice decrypted.xlsx"

  7. 6 Nov 2019
    Reply to user:

    Quite an interesting macro: - InkeditX_GotFocus to autoexecute - Word Document Variables to store/hide payload - VirtualProtect+SetTimer to run payload from a buffer => I added SetTimer to olevba suspicious keywords

  8. 19 Sep 2019

    7 years of development summarized in a strange 7 minutes video found on youtube by accident... Thanks to all the contributors who are helping me on this project!

  9. 22 Jul 2019
    Reply to users:

    and , what are your macro settings? AFAIK here is the default:

  10. 9 Jul 2019

    I forgot to mention that you also need to add option -v so that msoffcrypto-tool displays results: msoffcrypto-tool --test -v <file>

  11. 24 Jun 2019

    From your screenshot it seems you are using quite an old version of oletools :-). The new olevba 0.55 (dev version) uses pcodedmp to detect VBA stomping and display the p-code:

  12. 5 Jun 2019

    anti-EvilClippy: olevba 0.55.dev2 is now able to detect VBA Stomping, and to find suspicious keywords/IOCs in P-code! \o/ How to install the dev version: cc

  13. 26 May 2019

    The new 0.55.dev1 integrates with pcodedmp to display VBA P-code when using the option --pcode. The next step will be to detect VBA stomping to counter EvilClippy and adb! cc Install:

  14. 8 Apr 2019

    The new 0.54 is out! += encrypted maldocs decryption, XLM/Excel4 macros detection, colorized output, backspace detection, full python 3 support and many other improvements/bugfixes. See

  15. 29 Mar 2019

    EvilClippy by : A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

  16. 28 Mar 2019
    Reply to users:

    You can do the same in Firefox, using a bookmark with a keyword and a URL containing %s. For example for my malware search engine, I use the URL http:// decalage . info/mwsearch#gsc.tab=0&gsc.q=%s&gsc.sort=date (remove the blanks) - then you can type "mw" followed by a hash/keyw

  17. 20 Mar 2019

    olevba (dev version) can now detect XLM/XLF macros in xls files, both on Python 2 and 3. The result is returned like a VBA macro using VBA comments, so it should work with any app integrating olevba (no API change).

  18. 19 Mar 2019

    0.54dev9: olevba can now detect XLM/XLF macros in XLS files, thanks to the integration of plugin_biff from 's oledump. For now it only works on Python 2, will be fixed for Python 3 soon.

  19. 21 Jan 2019
    Reply to users:

    It works well with olevba and ViperMonkey:

  20. 1 Jan 2019
    Reply to user:

    Sample: It uses an Excel 4 macro to run msiexec. Can be found with oledump -p plugin_biff --pluginoptions "-o FORMULA" and "-o BOUNDSHEET": cc
