Decalage

Articles and tools about Python, IT Security and more.

user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'Here is the list of open-source Python projects that I am maintaining or contributing to.\n', created = 1369201877, expire = 1369288277, headers = '', serialized = 0 WHERE cid = '1:856fb11d06948f0632f2502350e5ee55' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'Here is a list of all articles and presentations I\'ve published about IT Security so far.\n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:82d363a01b0d6835ffd0ccd6375c3652' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the <a href=\"oletools\">oletools </a>package. pyxswf is an extension of <a href=\"http://hooked-on-mnemonics.blogspot.nl/2011/12/xxxswfpy.html\">xxxswf.py</a> published by Alexander Hanel.\n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:7dcc78a81cc4e465896b192d8d875e58' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = '<a href=\"../../../../../../python/oletools\">python-oletools</a> is a package of python tools to analyze <a href=\"http://en.wikipedia.org/wiki/Compound_File_Binary_Format\">Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)</a>, such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the <a href=\"../../../../../../python/olefileio\">OleFileIO_PL</a> parser. \n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:13a6dbc252cc6586ffde782fbe5c0e63' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'OleFileIO_PL is a Python module to read <a href=\"http://en.wikipedia.org/wiki/Compound_File_Binary_Format\">Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)</a>, such as Microsoft Office documents, Image Composer and FlashPix files, Outlook messages, ... This my improved version of the OleFileIO module from <a href=\"http://www.pythonware.com/products/pil/index.htm\">PIL</a>, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The API is still compatible with PIL, but I have improved the internal implementation significantly, with many bugfixes and a more robust design.\n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package. \n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:c13d199824eb9fd8b23ecbc592c82338' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'This article describes the Microsoft Office legacy/binary file formats (doc, xls, ppt), related security issues and useful resources. [WORK IN PROGRESS]\n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:21f43a34ec5e462886168e1715614bcb' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package. \n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:ce49a7fb233c73461ad0ec952532cfc8' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
user warning: UPDATE command denied to user 'decalaged'@'10.0.115.152' for table 'cache_filter' query: UPDATE cache_filter SET data = 'olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the <a href=\"../../../../../../en/python/oletools\">oletools </a>package.\n', created = 1369201878, expire = 1369288278, headers = '', serialized = 0 WHERE cid = '1:57f2c306753f0b4d67a4ddb87201c9d2' in /homez.14/decalaged/www/drupal/includes/cache.inc on line 109.
warning: array_map() [function.array-map]: Argument #2 should be an array in /homez.14/decalaged/www/drupal/modules/system/system.module on line 1015.
warning: array_keys() [function.array-keys]: The first argument should be an array in /homez.14/decalaged/www/drupal/includes/theme.inc on line 1817.
warning: Invalid argument supplied for foreach() in /homez.14/decalaged/www/drupal/includes/theme.inc on line 1817.

Python projects

Tool
Python

Here is the list of open-source Python projects that I am maintaining or contributing to.

Articles and presentations about IT Security

Security

Here is a list of all articles and presentations I've published about IT Security so far.

pyxswf - a python tool to extract SWF (Flash) objects from documents (improved xxxswf)

Submitted by decalage on Wed, 05/08/2013 - 19:24

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.

python-oletools - python tools to analyze OLE files

Submitted by decalage on Wed, 05/08/2013 - 19:21

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis and debugging. It is based on the OleFileIO_PL parser.

OleFileIO_PL - a Python module to read MS OLE2 files

Tool
Python

OleFileIO_PL is a Python module to read Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents, Image Composer and FlashPix files, Outlook messages, ... This my improved version of the OleFileIO module from PIL, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The API is still compatible with PIL, but I have improved the internal implementation significantly, with many bugfixes and a more robust design.

rtfobj - a python tool to extract embedded objects from RTF files

Submitted by decalage on Fri, 05/03/2013 - 04:56

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package.

MS Office legacy/binary formats security (doc, xls, ppt, ...)

Submitted by decalage on Fri, 11/02/2012 - 14:49

Security

This article describes the Microsoft Office legacy/binary file formats (doc, xls, ppt), related security issues and useful resources. [WORK IN PROGRESS]

oleid - a python tool to quickly analyze OLE files

Submitted by decalage on Fri, 11/02/2012 - 10:03

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package.

PDF Security Issues

Submitted by decalage on Wed, 10/24/2012 - 20:05

Security

This article describes the PDF file format, related security issues and useful resources. [WORK IN PROGRESS]

olebrowse - a simple python GUI to browse OLE files and extract streams

Submitted by decalage on Mon, 10/15/2012 - 20:15

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.