CyberChef Recipe to Loop Over Values to Modify and Decode | allinfosecnews.com

March 31, 2023, 5 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

It's common during malware analysis to find lists, or arrays, of data that you need to decode. However, the data first needs to be manipulated before it can be decoded. In this video, we'll look at a CyberChef recipe to help you do just that. We'll use a recent HTA file used to download SnakeKeylogger that hides a Powershell script in an array of numeric values. To decode this array, an arbitrary value must first be subtracted, this is where …

analysis array cyberchef data download find fork hta lists loop malware malware analysis powershell powershell script recipe script value video

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 1 month ago | www.youtube.com

basics episode explorer focus +10

MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 month, 1 week ago | www.youtube.com

basics build episode explorer +12

Malware Mondays?!? Learn more 1 month, 2 weeks ago | www.youtube.com

Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month, 4 weeks ago | www.youtube.com

artifact data goal learn +11

MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 2 months, 1 week ago | www.youtube.com

amadey artifacts capture data +11

Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 2 months, 1 week ago | www.youtube.com

artifact data goal learn +11

Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 2 months, 1 week ago | www.youtube.com

assembly disassembly effectively ghidra +9

Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 2 months, 2 weeks ago | www.youtube.com

analysis debugging development easy +18

Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 2 months, 3 weeks ago | www.youtube.com

analysis can default dive +16

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com