Files

T

tobias e62a14dafc Add markdown wiki with 473 pages and zk browser

Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 19:50:36 +01:00

668 B

Raw Blame History

Extract Base64 PowerShell from Office Macro

Get encoded PowerShell payload hidden in a VBA UserForm stream

Tools: tools/oledump-py, tools/base64dump-py FOR610 Lab: 3.4

Commands

# List streams — find macro (M) and data streams
oledump.py <document>
# Extract VBA source to understand what the macro does
oledump.py <document> -s <macro_stream> -v
# Scan data stream for Base64 strings
oledump.py <document> -s <data_stream> -d | base64dump.py -n 10
# Decode the longest Base64 hit to file
oledump.py <document> -s <data_stream> -d | base64dump.py -s 1 -d > payload.ps1

#recipe #oledump-py #base64dump-py

668 B Raw Blame History

Extract Base64 PowerShell from Office Macro

Commands

668 B

Raw Blame History