How to detect CVE-2026-21509 exploits
How to detect malicious documents exploiting the MS Office vulnerability CVE-2026-21509
Posts
olefile - a Python module to read/write MS OLE2 files
olefile (formerly OleFileIO_PL) is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook MSG files, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc. ...
My presentations and articles about cyber security
all my presentations and articles about cyber security
oletools - python tools to analyze OLE and MS Office files
python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on my olefile parser. ...
Portable ExeFilter
If you want to test or use ExeFilter on Windows but you cannot or you do not want to install a Python interpreter, Portable ExeFilter is a simple solution. You just need to unzip it in any folder on a hard drive or a USB stick and it should run anywhere. ...
Advanced VBA Macros Attack & Defence - Black Hat Europe 2019
Presentation at Black Hat Europe 2019, about malicious VBA Macros and recent advances in the attack and defense sides. ...
olefile - a Python module to read/write MS OLE2 files
olefile (formerly OleFileIO_PL) is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook MSG files, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc. ...
Tip - How to use pip, git and PyCharm behind a proxy
Sometimes I need to use pip, git, twine and PyCharm behind a proxy, and I have to look up how to configure them. Here's a quick cheat sheet: pip The proxy needs to be provided on the command line each time you run pip, as follows: pip install --proxy http://proxyserver:port <package> If you need authentication: pip install --proxy http://user:password@proxyserver:port <package> git The proxy can be set in the configuration using this command: ...
