chopping vegetables

Firstly, you need some Powershell Base64 commands, you could search your security logs or Sysmon logs for these, or simply generate some yourself!

powershell.exe -noprofile -ExecutionPolicy UnRestricted -EncodedCommand bgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAAUABAADUANQB3ADAAcgBkADEAMgAzACEAIAAvAEEARABEADsAbgBlAHQAIAB1AHMAZQByACAAcwBlAGMAYQB1AGQAaQB0ACAALwBhAGMAdABpAHYAZQA6AHkAZQBzADsAbgBlAHQAIABsAG8AYwBhAGwAZwByAG8AdQBwACAAYQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBzACAALwBhAGQAZAAgAHMAZQBjAGEAdQBkAGkAdAA=

Next, we head over to Cyber Chef!

https://gchq.github.io/CyberChef/

Graphical user interface, text, application, email

Description automatically generated

Now we copy the base64 component to the INPUT window:

Graphical user interface, text, application, Word

Description automatically generated

We add the “From Base64” operation into our RECIPE!We now need to decode the text!

Graphical user interface, application

Description automatically generated with medium confidence

The format of the encoding is UTF-16LE (1200)

Graphical user interface, text, application

Description automatically generated

With this recipe BAKED we can see the clear text output! Simples!

Leave a Reply

Your email address will not be published. Required fields are marked *