
New Tool: xlsbdump.py

source link: https://blog.didierstevens.com/2022/03/30/new-tool-xlsbdump-py/

Wednesday 30 March 2022

Filed under: My Software — Didier Stevens @ 0:00

This is a new tool to parse XLSB files.

It is still in beta.

2 Comments »

  1. Sorry to ask about Cobalt Strike:

    https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/

    Is it possible to distinguish Crooks and Red-Teams with the Trial/License or the Watermark field?

    The domain or the “from_IP” is the C2 Server?

    $File = 'c:\users\[user]\downloads\beacons-2022.jsonl'
    # Parse each line of the JSONL file as its own JSON document
    $Cobalt = Get-Content $File | ForEach-Object { $_ | ConvertFrom-Json }

    $Cobalt.domains
    $Cobalt.collected_from_ip
    $Cobalt.org

    Comment by A. No — Wednesday 30 March 2022 @ 11:15

  2. I do not mind answering your questions about Cobalt Strike. But can you please post them under a related blog post or page? Having a discussion about CS under an Excel file format tool can be very confusing for other readers.
    So please post your question under a related post, for example my latest 1768.py post. And I’ll happily answer it there, and then remove this comment. Thanks.

    Comment by Didier Stevens — Sunday 3 April 2022 @ 15:14
