Welcome to LibNotFound!

LibNotFound's mission is to help you reduce the ever-growing complexity around threat research, threat detection, data protection and content inspection so you can focus on your service or product. Basically, I have code I want to write to solve new and older complicated problems in a better way so you can benefit from it through an API. Maybe thinking a bit differently will help?

If you have topics you want me to cover, please email me at research, follow @libnotfound on Twitter or use the form at the bottom to send me a message.

The latest blogs:

First look at automatic XF2Python

In my previous blog I had a first look at what Excel Formula, or Excel Macro 4.0, would look like in Python 3.x. I manually wrote support for the first layer of that sample. Little did I know how complicated it would become to do this automatically, and what secrets the sample had further…

First look at ‘manual’ xf2python

One of my first blogs was about de-compiling Excel Formula code from the formula statements in the workbook stream. Today we’ll see how we can run this code in Python.

Vba2Python results & challenges

This will probably be the last post about vba2python for a while. This time we’ll walk through 3 samples, look at the output and the various challenges they contain trying to convert this to Python 3.x.

Automatically generate Python 3.x from malicious VBA macros

If you have followed my last posts, they have been focused on VBA macros and getting them to run on a Python platform. I spent a lot of time understanding the VBA world and how it could work in the Python world. I manually converted the code and then I built automation to convert the complicated…

Running VBA as Python (part 3)

The similarities between Python and Visual Basic for Applications (VBA) are strong. Python is of course a much stronger language; trying to do this the other way would have been way too painful (and possibly not doable). How much time does it take to extract info, convert code and run it? Find out…

Running VBA as Python (part 2)

In my previous blog we looked at a quite simple malicious VBA macro that used string-obfuscation and we could convert the code to Python to understand its real intentions. It wasn’t particularly complicated.