Hello and welcome to the Tuesday, April 8th, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Quick update from DDA today to answer a question actually that came up in a class

and that's regarding DDA's tool XOR search.

If you're not familiar with XOR search, it's one of DDA's famous Python scripts, and what it does

is it prud forces various XOR parameters to figure out if certain strings are present in a file.

So it assumes that the file is exhort with one particular byte value

and then tries all 255 and checks if any of the results contains a particular string.

Then, of course, can easily then be used to figure out

what is the right key here in order to decode the file.

The problem that came up in class is, well,

can you also search for a regular expression?

And the quick answer is no.

But DDA has a trick for you here, how you can still achieve

regular expression searches. The trick is that you're just dumping all the strings. There is a

mode in XOR search that will basically apply all the XOR values and then extract for each XO values any possible

printable string, similar to the strings command. And then you can take that list of strings

and apply your regular expression with a regular grep. Now, I hear that is working on a version

of XOR search that will officially support

regular expressions, but that's, as far as I know, not quite there yet.

But keep looking for it.

Maybe it'll be out by the time you listen to this podcast, given how fast DDA sometimes

...