Often when I provide training, I get new ideas. This week’s private maldoc training was no different: here’s a new version of oledump with changes inspired by this training.
When you select a stream with a prefix, like A3, you no longer have to type the prefix if it’s A (e.g. the first embedded OLE file).
And I have a new plugin for encrypted documents (plugin_office_crypto.py), more on this in an upcoming blogpost.
oledump_V0_0_34.zip (https)
MD5: 1BE4E08DE1B1E73D5808AECE1BD09852
SHA256: 74F1B05E50D2AF8072505587438BB8959F174BAF76ED6255116E806642E6C4B0
Article Link: https://blog.didierstevens.com/2018/05/06/update-oledump-py-version-0-0-34/