Last Updated: 2015-07-05 14:57:31 UTC
by Didier Stevens (Version: 1)
Last week I received another malicious document with embedded payload encoded with base64. A bit tired of repeating the same manual operations to extract and decode base64 content, I quickly wrote a small Python script to help me. base64dump.py searches through the given file for base64 strings (delimited by non-base64 characters), and produce a report like this one:
Here is a video of the tool in action.
If you have more information or corrections regarding our diary, please share.