-
olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to @matte_lodi #oletools https://twitter.com/joe4security/status/1221765460502421504 pic.twitter.com/6GebSQZWkt
-
Malware that just quits? I think there's more to the formula in this maldoc.
#oletools reveals all cc/@decalage2
https://www.virustotal.com/gui/file/f0bfbad00ca2cb6a09eb2a9975000f6d5d666f6ecf3d0c066543d867f365e7fc pic.twitter.com/g9vITlJL5j
-
Thanks @decalage2! Now you can use #oletools to detect this new trick used by recent #ostap downloaders! @JAMESWT_MHT @reecdeep @Certego_IRT @CertPa @a_de_pasquale https://twitter.com/decalage2/status/1221902787149168640
-
#trolldi Seriously Google? Seriously Microsoft? #oletools a malware!!? The test samples are... tests!!! pic.twitter.com/1u40G7oUEB
-
♫ On the 19th day of Christmas Philippe Lagadec sent to me oletools, the many ways of peeking into malicious OLE file ♫ We’re very grateful for the tool! Read the blog: https://cincan.io/blog/2019_12_19_oletools @decalage2 #dfir #digitalforensics #containers #oletools #malware -
Final slides of my presentation yesterday at Black Hat Europe 2019, about malicious VBA macros and recent advances in the attack & defence sides: https://www.decalage.info/bheu2019 Featuring
#oletools/olevba, ViperMonkey, MacroRaptor, EvilClippy #BHEU #BHEU2019 pic.twitter.com/iT8iqvIM8E
-
I feel soooo sorry for ole! He probably wants to win this game so fucking bad and not have the embarrassment of Jose beating him! But he has the worst @ManUtd team in decades

#mufc #MUFC_FAMILY #OleIn #oletools #olesatthewheel #OleOutNow -
#oletools 0.55 is finally out, just in time for #BHEU! Main changes: olevba += SLK file parser and XLM macro extraction, VBA stomping detection. More info: https://github.com/decalage2/oletools/releases/tag/v0.55 How to install/update: pip install -U oletools pic.twitter.com/zGEJqoQRUy
-
I’ve written a guide on how to deobfuscate malicious macros with open source tools. Check it out!
#CyberSecurity #malware #oletools #emotet #cyberchef #staticanalysis https://newtonpaul.com/static-malware-analysis-with-ole-tools-and-cyber-chef/# -
In December I'll give a presentation at BlackHat Europe in London about malicious VBA Macros, advanced techniques and the recent/upcoming improvements in my tools to address them (#oletools olevba, mraptor, ViperMonkey) https://www.blackhat.com/eu-19/briefings/schedule/#advanced-vba-macros-attack--defence-17636 #BHEU @BlackHatEvents -
7 years of #oletools development summarized in a strange 7-minute video found on youtube by accident... Thanks to all the contributors who are helping me on this project! https://www.youtube.com/watch?v=561QFmv9msU -
The new #oletools 0.55.dev1 integrates with pcodedmp to display VBA P-code when using the option --pcode. The next step will be to detect VBA stomping to counter EvilClippy and adb! cc @StanHacked @VessOnSecurity @haroldogden @OrOneEqualsOne Install: https://github.com/decalage2/oletools/wiki/Install#how-to-install-the-latest-development-version pic.twitter.com/xytDTKKWNM
-
Thanks to @decalage2 and #oletools, #stoQ v2 now has several plugins leveraging the package. https://github.com/PUNCH-Cyber/stoq-plugins-public -
#oletools 0.54dev2: olevba now detects and shows backspace characters that may be used to hide VBA code on the console, as demonstrated by @StanHacked and @ptrpieter at #DerbyCon. More info: https://github.com/decalage2/oletools/issues/358 - Install: https://github.com/decalage2/oletools/wiki/Install#how-to-install-the-latest-development-version #DFIR #malware pic.twitter.com/BbTnC8qHjN
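As an added illustration of the backspace trick mentioned in the tweet above (this is example code, not olevba's own implementation), a small Python check that flags VBA source lines containing 0x08 characters and shows what a terminal would display next to what the line actually contains; the sample module is constructed.

```python
# Constructed sample: the real statement is followed by a comment marker,
# then enough backspaces to move the cursor back over it, then a benign
# statement that overwrites the real one when the line is printed raw.
SAMPLE_VBA = (
    "Sub AutoOpen()\r\n"
    '    MsgBox "real payload"\'' + "\x08" * 22 + 'MsgBox "nothing here!"\r\n'
    "End Sub\r\n"
)


def terminal_view(line: str) -> str:
    """Simulate a dumb terminal: backspace moves the cursor left one
    column without deleting, and later characters overwrite in place."""
    buf = []
    cur = 0
    for ch in line:
        if ch == "\x08":
            cur = max(cur - 1, 0)
            continue
        if cur < len(buf):
            buf[cur] = ch
        else:
            buf.append(ch)
        cur += 1
    return "".join(buf)


def find_hidden_lines(vba_src: str):
    """Return (line number, backspace count, what a console would show,
    the line with backspaces removed) for every line containing 0x08."""
    findings = []
    for lineno, line in enumerate(vba_src.splitlines(), 1):
        count = line.count("\x08")
        if count:
            findings.append(
                (lineno, count, terminal_view(line), line.replace("\x08", ""))
            )
    return findings


if __name__ == "__main__":
    for lineno, count, shown, actual in find_hidden_lines(SAMPLE_VBA):
        print(f"line {lineno}: {count} backspace(s)")
        print("  console shows:", shown)
        print("  actual source:", actual)
```

Reviewing the "actual source" column (or olevba's own output, which flags these characters) rather than raw console output is what defeats the trick.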
-
TIL that some people are brave enough to run ViperMonkey in production, to automate the extraction of obfuscated payloads and URLs from VBA macros. This would not be possible without all the contributions from @bigmacjpg. https://github.com/decalage2/ViperMonkey #DFIR #Malware #oletools -
My first blog post is up. Extracting macros in Word documents using oletools. https://paulcimino.com/index.php/2018/03/23/how-to-disassemble-a-word-document-with-embedded-macros/ …
#dfir #maliciousdocuments #malware #oletools -
New release of #oletools inspired me to investigate #dde capability in #excel. Awesome updt. But is it only about cmd? No. You can run any cmd with #dde. In this example, I show how to use #mshta to run notepad via #dde. limitation: len(cmd name) <= 8 chars @decalage2 @Oddvarmoe pic.twitter.com/7JWKCAXAra
-
FLARE VM: turn a Windows VM into a malware analysis platform with lots of tools - including
#oletools https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html pic.twitter.com/z3lLoRucMt
-
The #oletools cheat sheet is available on the github repository in DOCX and PDF formats: https://github.com/decalage2/oletools/tree/master/cheatsheet -
rtfobj (dev version): added detection of the MS Word "OLE2Link" vulnerability https://github.com/decalage2/oletools/wiki/Install#how-to-install-the-latest-development-version #oletools cc @edeca pic.twitter.com/JLFe7tgmKV