#cyberchef — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cyberchef, aggregated by home.social.
-
I'm looking forward to our cybersecurity capture the flag trying out together afternoon! This event is free and open for all genders. No registration required, just show up with your computer (or borrow one from us).
More info on the website. :)And they're are always cockies, offline and with real life crumbles. 😅
#it #cybersecurity #fliNTA #feminist #Frauen #linux #meetup #opensource #ctf #ccc #c3w #tu #University #selforganized #vienna #Austria #Wien #meetup #learning #workshop #cyberchef #hacking #ethicalHacking #redteaming
#blueteaming
@totientfunction @c3wien -
I'm looking forward to our cybersecurity capture the flag trying out together afternoon! This event is free and open for all genders. No registration required, just show up with your computer (or borrow one from us).
More info on the website. :)And they're are always cockies, offline and with real life crumbles. 😅
#it #cybersecurity #fliNTA #feminist #Frauen #linux #meetup #opensource #ctf #ccc #c3w #tu #University #selforganized #vienna #Austria #Wien #meetup #learning #workshop #cyberchef #hacking #ethicalHacking #redteaming
#blueteaming
@totientfunction @c3wien -
I'm looking forward to our cybersecurity capture the flag trying out together afternoon! This event is free and open for all genders. No registration required, just show up with your computer (or borrow one from us).
More info on the website. :)And they're are always cockies, offline and with real life crumbles. 😅
#it #cybersecurity #fliNTA #feminist #Frauen #linux #meetup #opensource #ctf #ccc #c3w #tu #University #selforganized #vienna #Austria #Wien #meetup #learning #workshop #cyberchef #hacking #ethicalHacking #redteaming
#blueteaming
@totientfunction @c3wien -
I'm looking forward to our cybersecurity capture the flag trying out together afternoon! This event is free and open for all genders. No registration required, just show up with your computer (or borrow one from us).
More info on the website. :)And they're are always cockies, offline and with real life crumbles. 😅
#it #cybersecurity #fliNTA #feminist #Frauen #linux #meetup #opensource #ctf #ccc #c3w #tu #University #selforganized #vienna #Austria #Wien #meetup #learning #workshop #cyberchef #hacking #ethicalHacking #redteaming
#blueteaming
@totientfunction @c3wien -
I'm looking forward to our cybersecurity capture the flag trying out together afternoon! This event is free and open for all genders. No registration required, just show up with your computer (or borrow one from us).
More info on the website. :)And they're are always cockies, offline and with real life crumbles. 😅
#it #cybersecurity #fliNTA #feminist #Frauen #linux #meetup #opensource #ctf #ccc #c3w #tu #University #selforganized #vienna #Austria #Wien #meetup #learning #workshop #cyberchef #hacking #ethicalHacking #redteaming
#blueteaming
@totientfunction @c3wien -
🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS
-
🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS
-
🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS
-
🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS
-
Sequence [TryHackMe] [Writeup]
Room Info Name: Sequence Platform: TryHackMe Difficulty: Medium Link: https://tryhackme.com/room/sequence Description: Chain multiple vulnerabilities to take control of a system. Task 1: Challenge Robert made some last-minute updates to the review.thm website before heading off on vacation. He claims that the secret information of the financiers is fully protected. But are his defenses truly airtight? Your challenge is to exploit the vulnerabilities and gain complete control of the […]https://aredopseagle.wordpress.com/2026/03/15/sequence-tryhackme-writeup/
-
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
#zaproxy #appsec #cyberchef -
Decoding malware C2 with #CyberChef
https://netresec.com/?b=261f535 -
@badrihippo #ittools #cyberchef #4get #fossq search engine as well.
-
CyberChef is a very cool web app made by GCHQ.
I originally found out about it because @UK_Daniel_Card tweeted about it a long time ago.
I created a blog post about using CyberChef and self-hosting it with Docker.
Check it out. https://thedxt.ca/2026/01/cyberchef/
-
This loading message on #cyberchef never made so much sense...
-
#Cyberchef
Sachen gibts :gura_laugh:CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
#Love #Opensource
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.
https://other.li/cyberchef -
Bon, c'était pas trop difficile : le nom était encodé en UTF-16 big-endian.
Merci #Cyberchef + convmv !!
J'aurais aussi pu exploiter les métadonnées internes : le nom du fichier était inscrit dans le champ "Title"...
-
Is there any way to decode #ANSI color sequences in #CyberChef? You know, old school stuff like
]2m
or
]0;39m
?
-
Building #CyberChef #GCHQ
tested with latest version 10.15.0 (2024-04-02)
https://www.infosecworrier.dk/blog/2021/12/how-to-build-cyberchef.html -
Recent #stegocampaign delivering #XWorm RAT #malware samples.
Quick review of #sandbox analysis reports reveal simple, yet interesting infection chain. It contains #VisualBasic script, #PowerShell scripts, picture with Base64-encoded executable and the #xwormrat itself. Those payloads have been downloaded from online hosting services such as #Pastebin and #Firebase.My new article with #IOC and analysis https://malwarelab.eu/posts/stego-xworm/
#steganography #Steganoanalysis #anyrun #malwareanalysis #obfuscation #cyberchef
-
The extension follows an approach similar to that of GCHQ's #CyberChef: https://gchq.github.io/CyberChef/
This itself is a super handy tool for all kinds of data operations.
-
Analysis of #infostealer #malware pretending to be a hack for #roblox anticheat.
This week I delivered one lecture about cyber attacks and three 45-minutes malware analysis workshops with #anyrun and #cyberchef for high school students in #Roznava, #Slovakia.
#Education #CyberSecurity #blueteam #dfir #sandbox
https://infosec.exchange/@securitydungeon/111914649805730340
-
https://www.infosecworrier.dk/blog/2021/12/how-to-build-cyberchef.html How to build CyberChef. Tested with latest version 10.6.0 (2024-02-03) #CyberSecurity #Information #Analysis #CyberChef #GCHQ #LocalInstall
-
#Hall1 In other news: The loading screen of #CyberChef is also very cool. #37c3
-
Tested CyberChef build script on Debian 12 Bookworm: https://www.infosecworrier.dk/blog/2021/12/how-to-build-cyberchef.html
-
Cobalt Strike Loader Deobfuscation Using CyberChef and Emulation (.hta files): https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/
-
Cobalt Strike Loader Deobfuscation Using CyberChef and Emulation (.hta files): https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/
-
Cobalt Strike Loader Deobfuscation Using CyberChef and Emulation (.hta files): https://embee-research.ghost.io/malware-analysis-decoding-a-simple-hta-loader/
-
My write-up for the #kaspersky challenge from #ekoparty #CTF is online. This was very nice challenge - #network traffic analysis, exploitation, #malware, #reverseengineering and #crypto
https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/
#networksecurity #malwareanalysis #cyberchef #IDAFree #IDAFreeware #cutter @rizin
-
My write-up for the #kaspersky challenge from #ekoparty #CTF is online. This was very nice challenge - #network traffic analysis, exploitation, #malware, #reverseengineering and #crypto
https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/
#networksecurity #malwareanalysis #cyberchef #IDAFree #IDAFreeware #cutter @rizin
-
My write-up for the #kaspersky challenge from #ekoparty #CTF is online. This was very nice challenge - #network traffic analysis, exploitation, #malware, #reverseengineering and #crypto
https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/
#networksecurity #malwareanalysis #cyberchef #IDAFree #IDAFreeware #cutter @rizin
-
My write-up for the #kaspersky challenge from #ekoparty #CTF is online. This was very nice challenge - #network traffic analysis, exploitation, #malware, #reverseengineering and #crypto
https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/
#networksecurity #malwareanalysis #cyberchef #IDAFree #IDAFreeware #cutter @rizin
-
My write-up for the #kaspersky challenge from #ekoparty #CTF is online. This was very nice challenge - #network traffic analysis, exploitation, #malware, #reverseengineering and #crypto
https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/
#networksecurity #malwareanalysis #cyberchef #IDAFree #IDAFreeware #cutter @rizin
-
Hot Off The Press
To start with let’s see what kind of file this is.
“UHARC is a compression/archiving system for PC platforms, which appears to be neglected since around 2005. It achieves better compression than most other archivers, at the expense of being much slower.”
I scoured the internet looking for a copy of UHARC to download. I’m not going to link any here as many if not all may contain malware. Since this is a Windows only tool, (or Wine under Linux), we’ll open this one in a sandboxed Windows system.
When the file extracts we are presented with hot_off_the_press.ps1.
OMG that’s a lot of obfuscation! Let’s see if we can clean this up and make it more readable. First let’s remove all the ”+”
That’s a little bit better. There’s another obfuscation method going on where specific numbers are used to represent different letters. Originally, I tried to determine the substitution by completing terms I knew. Early ahead I saw (”Sc{2}i’pt{1}loc{0}Logging”) which to me reads like ScriptBlockLogging. So all 2’s are i’s, 1’s are B’s, and 0’s are k. I do a find/replace through the script with replacements on {0},{1}, and {2}. Now it looks like a block of Base64 in the middle block. I copy it over to CyberChef and … NADA. Something’s not right.
If you look closer at the code, you’ll see that each one of the strings that had a {#} substitution in it ends with “-f” followed by other letters in quotations. The first character after -f is substituted for {0}, the next for {1}, etc. So I run the same substitution pattern on the script using the correct letters for this string this time.
Replace the {0} with L.
Replace the {1} with E.
Now we’ve got a nice clean block of Base64.
Bring that over to CyberChef for decoding and:
We’ve got a script within the script.
If you scroll down in the output, you’ll see that there’s something else encoded as well.
We’ll run that through CyberChef.
Interesting we have an encoded_flag. Let’s add URL decode to the recipe.
HumanTwo
There were 1,000 files in the zip container. Easy comparison options like file size, modification date etc. don’t help as they are the same for all the files. It’s something in the content that has to be different. How the ‘f’ am I going to find the outlier in 1,000 files?! Meld and diff are two options coming up in the Discord. I install Meld, which is really a gui for diff, and start getting a feel for it. You can compare files or directories. If doing files you could do a 3 way comparison between 3 files. But not 1000. As I was looking through the files with Meld it struck me that all of the file contents we also the same with the exception of one line.
Let’s run through all the files with the_silver_searcher and isolate on String.Equals
Scrolling down through the output we see that one is a definite outlier, or as we like to say around here, an Irregular.
Once more to CyberChef, this time from Hex.
PHP Stager
Heavily obfuscated PHP. This is going to be fun.
Let’s see if ChatGPT can give some insight into what’s going on here.
After several hours of back and forth from PHP to Python to PowerShell, online IDE’s, more ChatGPT, googling, and back again I was able to roughly reproduce the PHP in a Python and get it to execute.
Looks like we’re not done yet. In the middle of the output we can see another block of Base64. What happens if we toss that into CyberChef.
Great! Now we have a Perl script. How far down does this challenge go? It’s like those Matryoshka dolls from Russia. One inside another inside another. But wait… there’s something interesting in the Perl script.
There’s a reference to UU encoding and a string. We’ll copy the string and bring it over to another of my favorite decoding sites, dcode.fr.
Sure enough it handles the decoding and we have our flag.
Zerion
Yay (said no one), another crazy PHP file.
Looks to be using Base64 encoding, Rot13, and some other options to obfuscate the code. Back to school (ChatGPT) to see what’s going on.
Let’s copy the large encoded text block to CyberChef. We’ll apply Rot13, then Reverse the text by Character, and finally – decrypt using Base64.
And that’s our flag!
Use the tag #HuntressCTF on BakerStreetForensics.com to see all related posts and solutions for the 2023 Huntress CTF.
#base64 #CyberChef #decodeFr #DFIR #diff #meld #Perl #PowerShell #Python #theSilverSearcher #uuencode
-
Decryption of strings from #AsyncRAT/#DcRat/#VenomRAT configuration with #CyberChef. Little bit of #Dotnet #reversing and commented recipe with usage of registers for PBKDF2 and AES decryption
Blog post: https://malwarelab.eu/posts/asyncrat-cyberchef/
Recipe with example input: https://tinyurl.com/AsyncRatConfigDecryptor2 -
During 80s a Finnish computer magazine #Mikrobitti had a ton of different odd and cool platforms covered. There was a wide variation of systems available and things hadn't yet been consolidated to just a couple of offerings. The November 1986 issue has a #Sinclair QL program called GMOVE covered. The software adds a "software blitter" extension to Sinclair QL basic.
As it was common at the time, the listing of the software was provided in the magazine as a basic program + data statements that would load the code to memory and hook the system to enable it to function as an extension.
Since I'm fluent in 68k assembly (but not Sinclair) I decided to experiment a bit by scanning the magazine page, OCRing the listing and dumping the actual code from the data statements. As usual the data statement lines had an embedded checksum, which was rather useful when determining if my OCR readout was correct, and enabled me to fix the minor OCR mistakes. I created a #CyberChef recipe to do this part of the work.
I used #Ghidra to decompile the code but I had to deal with various weird idiosyncrasies and outright bugs in the #Ghidra 68k support, so the disassembly was heavily edited in post. Also, resources on Sinclair QL were a bit scarce unfortunately but I believe I managed to do a fairly decent job. The result is at: https://sintonen.fi/gmove/
Oh yes, the guy who wrote the GMOVE ended up writing a bit more software, later, too.
Here's a cool video by Urs König of GMOVE in action on real hardware: https://www.youtube.com/watch?v=pxx6brHlwJI @torvalds #sinclair #retrocomputing #reverseengineering #68k
-
The number of the blog is 666 (words that is).
Automated build of CyberChef: https://www.infosecworrier.dk/blog/2021/12/how-to-build-cyberchef.html
#CyberChef #GCHQ #Automate #Build #CyberSwissArmyKnife #TheNumberOfTheBlog
-
Great guide for learning the capabilities of CyberChef and how to create some automated recipes.
#CyberChef #Regex
https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader -
Yesterday's Advent of Cyber utilized CyberChef. Last night I completed a malware challenge in LetsDefend that also utilized CyberChef.
I'm starting to think this CyberChef is pretty useful :think_mind_blown: