SANS ISC

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • Computer Forensics
  • Software Security
  • Government OnSite Training

InfoSec Handlers Diary Blog

Last week I received another malicious document with embedded payload encoded with base64. A bit tired of repeating the same manual operations to extract and decode base64 content, I quickly wrote a small Python script to help me. base64dump.py searches through the given file for base64 strings (delimited by non-base64 characters), and produce a report like this one:

Here is a video of the tool in action.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com