You can save the text to file to get a clear view or you can do another convertion. But it is not very clear because you there are many dots which make the analysis little bit difficult. What you can see from the result is powershell text. Press preview button to see the conversion result from Base64 to the original text For example you want to base64 decode and convert them to array then what you need to do is to chain both of them where to_array will be in the second You can chain additional processing in the sequence. Then you need to click on the from_base64 and press add button that I circled. So what we can do with Cerbero function ? You must select all the by pressing Ctrl+a to select the code and Right click to select filter We need to decode with 64base to get the actual text. We can identified that the above text is base64 encoded. It is just like a text file has been loaded. I am reusing the payload shared here for this tutorialĪs shown below, You can load the file of the payload that you download from the URL given.Īnd after you loaded the file, It will look like below. A we know that Cerbero Suites has a lot of nice features to help us to on malware forensic. I want to test the Cerbero Suites functionalities on how to do the same thing. I saw OALABS video explaining to reverse the powershell just using cyberchef just before he loaded the actual binary payload into IDA. I want to test Cerbero Suites in order to reverse a small powershell code that has been encoded multyple times to evade detection.
0 Comments
Leave a Reply. |