Last week I received another malicious document with an embedded payload encoded with base64. A bit tired of repeating the same manual operations to extract and decode base64 content, I quickly wrote a small Python script to help me.

base64dump.py searches through the given file for base64 strings (delimited by non-base64 characters), and produces a report like this one:

Here is a video of the tool in action.

Didier Stevens
ISC Handler, Jul 5th 2015
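
The search described above (runs of base64 characters delimited by anything else, each decoded and listed in a report) can be sketched as follows. This is an added example, not the code of base64dump.py; the minimum run length, the 4-character alignment filter, the report columns and the sample input are assumptions made for the illustration.

```python
import base64
import binascii
import hashlib
import re

# A candidate is a run of base64-alphabet bytes with optional padding;
# every other byte acts as a delimiter.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

def find_base64(data, min_len=16):
    """Return one row per run in data that decodes as strict base64."""
    rows = []
    for m in B64_RUN.finditer(data):
        run = m.group()
        # Assumed filters: skip short runs (ordinary words) and runs that
        # are not a whole number of 4-character groups.
        if len(run) < min_len or len(run) % 4:
            continue
        try:
            decoded = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        rows.append({"offset": m.start(), "encoded_len": len(run),
                     "decoded": decoded,
                     "sha256": hashlib.sha256(decoded).hexdigest()})
    return rows

def report(rows):
    """Format rows as text lines: id, offset, sizes, first bytes, hash."""
    return ["%2d  off=%-6d enc=%-6d dec=%-6d %-20r %s" % (
                i, r["offset"], r["encoded_len"], len(r["decoded"]),
                r["decoded"][:8], r["sha256"][:16])
            for i, r in enumerate(rows, 1)]

# Constructed sample: harmless bytes with an "MZ" prefix, base64-encoded and
# embedded in markup the way a payload sits inside a document.
PAYLOAD = b"MZ\x90\x00" + b"constructed sample payload, not real malware"
SAMPLE = (b'<doc id="1">see attachment</doc>\n<bin>'
          + base64.b64encode(PAYLOAD) + b"</bin>\n")

if __name__ == "__main__":
    print("\n".join(report(find_base64(SAMPLE))))
```

The first decoded bytes in each row are what make an embedded executable or archive stand out from incidental matches such as long identifiers.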