[BLUE TEAMING] - Analyzing using CyberChef and OleDump

<aside> 💡 CyberChef - The Cyber Swiss Army Knife tool that encrypts/decrypts and does a lot of thing. SUPER USEFUL!

</aside>

<aside> 💡 Base64 encoding schemes are commonly used when there is a need to encode binary data that needs to be stored and transferred over media that are designed to deal with ASCII

</aside>

<aside> 💡 The XOR cipher is commonly used by attackers.

</aside>

<aside> 💡 Oledump is used to analyze OLE (compound file binary format) files

• OLE files are similar to a zip archive
• MS office applications .doc, .xls, and .ppt are OLE files, and attackers can use macros to hide scripts inside them </aside>

<aside> 💡 OLE files have storages, which are folders that contain streams of data or other storages

• View with oledump <file>
  • M letter next to a stream indicates a macro </aside>

Questions ➖

1, 2, 3, 4 -

5 - Dump contents of each stream and view

6 - enumerate in the file system