Tuesday, June 25, 2013

Verify Your Tools (Even if the tool is a web site)

I was looking at an alert with some Base64 encoded data and went to one of my bookmarked sites to decode and was told “Invalid length for a Base-64 char array”. That didn't look right to me, so I went to one of my Linux boxes and ran the text through base64 -d, which decoded it just fine. I went to another web site, http://home.paulschou.net/tools/xlate/, and it also decoded it. My point is beware of false negatives. Had I gone with the results of the first site, I would have assumed I didn't have good data to decode and just moved on. (As it turned out the data was benign, but I had no way of knowing that.) It's a good idea to use multiple tools, and if you have a favorite you use most of the time, verify it's giving you correct results.
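As an added illustration (not code from the original post), the Python sketch below runs the same input through a strict and a tolerant Base64 decoder and flags the case where one rejects data the other decodes. The post does not say why the first site failed; this example assumes the input lacked its trailing "=" padding, and the function names and sample string are constructed for the example.

```python
import base64
import binascii

def decode_strict(text):
    """Canonical Base64 only: the length must be a multiple of 4, padding included."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None

def decode_tolerant(text):
    """Drop whitespace, map the URL-safe alphabet, restore missing padding."""
    cleaned = "".join(text.split()).replace("-", "+").replace("_", "/").rstrip("=")
    if len(cleaned) % 4 == 1:  # no byte string encodes to this length
        return None
    cleaned += "=" * (-len(cleaned) % 4)
    try:
        return base64.b64decode(cleaned, validate=True)
    except (binascii.Error, ValueError):
        return None

def cross_check(text):
    """Run every decoder and report whether a rejection can be trusted."""
    results = {"strict": decode_strict(text), "tolerant": decode_tolerant(text)}
    outputs = {value for value in results.values() if value is not None}
    if not outputs:
        verdict = "no decoder succeeded"
    elif len(outputs) > 1:
        verdict = "decoders disagree on content"
    elif None in results.values():
        verdict = "false negative from at least one decoder"
    else:
        verdict = "all decoders agree"
    return verdict, results

# Constructed sample: a short string encoded, then stripped of its '=' padding.
PLAINTEXT = b"user=alice"
SAMPLE = base64.b64encode(PLAINTEXT).decode("ascii").rstrip("=")

if __name__ == "__main__":
    verdict, results = cross_check(SAMPLE)
    print(SAMPLE, "->", verdict)
    for name, value in results.items():
        print(f"  {name}: {value!r}")
```

A "no decoder succeeded" verdict is the only one that supports treating the data as undecodable; a single tool's rejection does not.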
