Encoding – CISSP Domain 3

Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, so one of the purposes of this article is to look at how the CB… Continue reading Encoding – CISSP Domain 3

The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View

Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cove… Continue reading The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View

[SANS ISC] Base64 All The Things!

I published the following diary on isc.sans.org: “Base64 All The Things!“. Here is an interesting maldoc sample captured with my spam trap. The attached file is “PO# 36-14673.DOC” and has a score of 6 on VT. The file contains Open XML data that refers to an invoice.. [Read more]

[The post [SANS ISC] Base64 All The Things! has been first published on /dev/random]

Continue reading [SANS ISC] Base64 All The Things!

Locky Freaky Friday Your Remittance Advice with base64 encoded attachments to emails instead of zip files

It is Freaky Friday again today. The Locky gang must be having a long weekend off and left the apprentice in charge. They have made a bit of a mess up of encoding the files today and the so called 7z attachment is actually a base64 file that needs decoding Continue reading → Continue reading Locky Freaky Friday Your Remittance Advice with base64 encoded attachments to emails instead of zip files