Peter M. Groen / oletools

28 Sep, 2020

6 commits

readme, documentation and comment updates for v0.56 release
6540ccbc

decalage2 authored
2020-09-28 22:39:41 +0200
Browse Code »
Merge branch 'pull/591' ...
a854e61e
```
# Conflicts:
#	oletools/olevba.py
```
decalage2 authored
2020-09-28 22:08:29 +0200
Browse Code »
Merge pull request #569 from mlodic/master ...
f189b26c
```
improvements to analysis of XLM macros (encrypted ones + contained in XLSM) + template injection
```
Philippe Lagadec authored
2020-09-28 21:48:28 +0200
Browse Code »
Merge pull request #613 from jloehel/feature/update/plugin_biff/0.0.17 ...
69b085b9
```
plugin_biff: updated to v0.0.17
```
Philippe Lagadec authored
2020-09-28 21:25:04 +0200
Browse Code »
olevba: added VBA_Parser.get_vba_code_all_modules, partial fix for issue #619, u… ...
2394f619
```
…pdated mraptor to use it
```
decalage2 authored
2020-09-28 21:03:31 +0200
Browse Code »
merge from upstream
4274e151

Matteo Lodi authored
2020-09-28 15:06:58 +0200
Browse Code »

21 Sep, 2020

2 commits

olevba: bumped version to 0.56dev11 after merging PR #479
40faecbf

decalage2 authored
2020-09-21 23:43:43 +0200
Browse Code »
Merge branch 'pcode-options' ...
45aec6e6
```
# Conflicts:
#	oletools/olevba.py
```
decalage2 authored
2020-09-21 23:31:46 +0200
Browse Code »

17 Sep, 2020

1 commit

readme: added link to DIARIO
d4df0c06

Philippe Lagadec authored
2020-09-17 14:42:32 +0200
Browse Code »

16 Sep, 2020

1 commit

olevba: enabled relaxed mode by default (issues #477, #593), fixed detect_vba_ma… ...
e7e7f97b
```
…cros to always return VBA code as unicode on Python 3 (issues  #455, #477, #587, #593)
```
decalage2 authored
2020-09-16 22:56:09 +0200
Browse Code »

15 Sep, 2020

2 commits

plugin_biff: updated to v0.0.17 ...

f2f6134a

New version of the BIFF plugin from Didier Stevens. Changelog:

- 2020/05/26: 0.0.16 added logic for reserved bits in BOUNDSHEET
- 2020/07/17: 0.0.17 added option --statistics

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>

authored

2020-09-15 16:30:34 -0500

Browse Code »

olevba: enabled --relaxed by default, until a solution is found to issue #593
be57af2f

decalage2 authored
2020-09-15 21:15:30 +0200
Browse Code »

14 Sep, 2020

3 commits

olevba: bumped version to 0.56dev9 after PR #595
a7a9ff7e

decalage2 authored
2020-09-14 22:43:33 +0200
Browse Code »
Merge remote-tracking branch 'origin/master'
8a4ce710

decalage2 authored
2020-09-14 22:32:00 +0200
Browse Code »
Merge pull request #595 from iwfratz/fix_relaxed ...
ce043b63
```
fixed command line option --relaxed
```
Philippe Lagadec authored
2020-09-14 22:29:33 +0200
Browse Code »

10 Sep, 2020

2 commits

olevba: bumped version to 0.56dev8 after PR #450
31377969

decalage2 authored
2020-09-10 12:50:12 +0200
Browse Code »
Merge pull request #450 from christian-intra2net/ppt-parser-type-error ...
03c107c5
```
ppt_parser: fix type of decompressed data
```
Philippe Lagadec authored
2020-09-10 12:43:57 +0200
Browse Code »

03 Sep, 2020

3 commits

olevba: bumped version to 0.56dev7 after PR #604
c629ef7d

decalage2 authored
2020-09-03 22:29:13 +0200
Browse Code »
Merge pull request #604 from matthieuxyz/master ...
48057ab3
```
olevba: prevent side effects on python lib "email"
```
Philippe Lagadec authored
2020-09-03 22:23:11 +0200
Browse Code »
olevba: add a try.. finally clause around monkey patch of email lib
13a73734

matthieuxyz authored
2020-09-03 13:46:57 +0200
Browse Code »

01 Sep, 2020

1 commit

olevba: prevent side effects on python lib "email" by patching and unpatching when needed
a7fcbcc4

matthieuxyz authored
2020-09-01 11:39:09 +0200
Browse Code »

28 Aug, 2020

1 commit

added link to SpuriousEmu
f540d08b

Philippe Lagadec authored
2020-08-28 12:14:10 +0200
Browse Code »

24 Aug, 2020

2 commits

set is_encrypted variable to False as default
aef91b95

Matteo Lodi authored
2020-08-24 13:24:49 +0200
Browse Code »
added link to EML Analyzer
6523fd88

Philippe Lagadec authored
2020-08-24 11:29:48 +0200
Browse Code »

10 Aug, 2020

1 commit

fixed command line option --relaxed
50ce3533

Klaus van der Vorst authored
2020-08-10 19:55:54 +0200
Browse Code »

21 Jul, 2020

1 commit

adjust CALL and REGISTER command detections to avoid false positives
a42f5500

Matteo Lodi authored
2020-07-21 16:05:50 +0200
Browse Code »

20 Jul, 2020

1 commit

added several improvements based on our tests: https://www.certego.net/en/news/advanced-vba-macros/
dcce7d95

gpippi authored
2020-07-20 14:44:55 +0200
Browse Code »

08 Jul, 2020

2 commits

Update olevba.py ...

8af891f6

even after adding the raw string, _r'HKCU\Environment'_ and _r'HKEY_CURRENT_USER\Environment'_ do not match correctly.
I temporarily removed them.

authored

2020-07-08 09:39:47 +0200

Browse Code »

added several improvements based on our tests: https://www.certego.net/en/news/advanced-vba-macros/
82c4f579

gpippi authored
2020-07-08 02:40:17 +0200
Browse Code »

17 Jun, 2020

2 commits

added "Template Injection" and "XLM Macrosheet" to "Suspicious" keywords in "analyze_macros"
fa1dfdf9

Matteo Lodi authored
2020-06-17 12:53:23 +0200
Browse Code »
added detection of template injection on OpenXML files
f6155b35

Matteo Lodi authored
2020-06-17 11:20:40 +0200
Browse Code »

11 Jun, 2020

1 commit

olevba: fixed bug when decompressing raw chunks in VBA (fixes #575)
02863472

decalage2 authored
2020-06-11 20:07:28 +0200
Browse Code »

04 Jun, 2020

1 commit

ooxml: fixed comments at the beginning
49b35ec2

decalage2 authored
2020-06-04 22:10:13 +0200
Browse Code »

27 May, 2020

1 commit

added chance to decrypt with custom passwords
3f0e4f5e

Matteo Lodi authored
2020-05-27 10:51:35 +0200
Browse Code »

25 May, 2020

1 commit

plugin_biff: updated to v0.0.15 to improve Excel 4/XLM macros parsing and fix Python 3 support
f5c401a2

decalage2 authored
2020-05-25 22:53:25 +0200
Browse Code »

19 May, 2020

5 commits

olevba: fixed call to plugin_biff to get labels with cell references in "A1" style
50455fdc

decalage2 authored
2020-05-19 23:01:27 +0200
Browse Code »
olevba: updated plugin_biff to v0.0.12 to improve Excel 4/XLM macros parsing, ad… ...
1624ef07
```
…ded detection of FORMULA.FILL
```
decalage2 authored
2020-05-19 22:32:59 +0200
Browse Code »
Merge pull request #570 from kirk-sayre-work/master ...
6d959ef1
```
Unpack the values of ptgNum float literals.
```
Philippe Lagadec authored
2020-05-19 21:06:10 +0200
Browse Code »
Merge pull request #1 from mlodic/xlm_macro_in_xlsm ...
26f1ea72
```
added extraction of XLM macro from XLSM new format
```
mlodic authored
2020-05-19 15:40:57 +0200
Browse Code »
added extraction of XLM macro from XLSM new format
f6c210a1

Matteo Lodi authored
2020-05-19 15:37:26 +0200
Browse Code »