Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Working with base64 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Working with base64

Last week I received another malicious document with embedded payload encoded with base64. A bit tired of repeating the same manual operations to extract and decode base64 content, I quickly wrote a small Python script to help me. base64dump.py searches through the given file for base64 strings (delimited by non-base64 characters), and produce a report like this one:

Here is a video of the tool in action.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

398 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!