irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
0a008354932a91d9f02f14bf54b5fbad9f3b6375
docker_file_analysis/data/generated/wiki/tools/base64dump.md
T
tobias e62a14dafc Add markdown wiki with 473 pages and zk browser 
Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 19:50:36 +01:00

35 lines
1.5 KiB
Markdown
Raw Blame History

# base64dump.py
> Extract and decode Base64-encoded strings from files
**Category:** [[categories/examine-static-properties-deobfuscation|Examine Static Properties > Deobfuscation]] | **Tier:** Rich (FOR610) | **Author:** Didier Stevens
**Docs:** [https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation](https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation)
## Usage
```bash
base64dump.py file.txt
base64dump.py file.ps1 -n 10
base64dump.py file.ps1 -s 2 -d
```
## Recipes
- [[recipes/extract-base64-ps-from-vba|Extract Base64 PowerShell from Office Macro]]
- [[recipes/multi-stage-base64-gzip|Decode Base64 + Gzip Payload]]
- [[recipes/base64-xor-shellcode|Decode Base64 + XOR Shellcode]]
- [[recipes/office-full-decode-chain|Full Office Macro Decode Chain]]
## Workflows
- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 5: Payload Decoding
## Related Tools
- [[tools/1768|1768.py]] — Parse Cobalt Strike beacon configuration from shellcode or m
- [[tools/balbuzard|balbuzard]] — Extract and deobfuscate patterns from suspicious files.
- [[tools/brxor|brxor.py]] — Brute-force XOR key detection for single-byte XOR-encoded st
- [[tools/chepy|chepy]] — Decode and otherwise analyze data using this command-line to
- [[tools/cobalt-strike-configuration-extractor-csce-and-parser|Cobalt Strike Configuration Extractor (CSCE) and Parser]] — Analyze Cobalt Strike beacons.
## FOR610
**Labs:** 3.4, 4.5
**Sections:** 3, 4
#base64 #decoding #didier-stevens
Reference in New Issue View Git Blame Copy Permalink