chopping vegetables Defense

Firstly, you need some Powershell Base64 commands, you could search your security logs or Sysmon logs for these, or simply generate some yourself!


Next, we head over to Cyber Chef!

Graphical user interface, text, application, email

Description automatically generated

Now we copy the base64 component to the INPUT window:

Graphical user interface, text, application, Word

Description automatically generated

We add the “From Base64” operation into our RECIPE!We now need to decode the text!

Graphical user interface, application

Description automatically generated with medium confidence

The format of the encoding is UTF-16LE (1200)

Graphical user interface, text, application

Description automatically generated

With this recipe BAKED we can see the clear text output! Simples!

Leave a Reply