This new version of base64dump.py has a new option: -z. With this option, you can ignore leading null bytes (useful, for example, when handling UNICODE).
You can see this option used in this video (starting 1:28):
base64dump_V0_0_7.zip (https)
MD5: D37DE7CEFDA55ADD1822EADDD84D5FFB
SHA256: 5F676DF8B36172A1D7B29F03E2B0CCB026BB9A96DF8830FDB137E65CBB59DD63
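Why null bytes matter when the input is UNICODE, as an added example (not code from base64dump.py, and not a description of how -z is implemented): a BASE64 string stored as UTF-16 has a null byte next to every character, so a byte-level scan for BASE64 runs finds nothing until the null bytes are ignored. The function name, the 16-character minimum and the sample data are assumptions made for this illustration.

```python
import base64
import re

# A run of BASE64 alphabet characters plus optional padding.
# The 16-character minimum is an assumption to skip short accidental matches.
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def find_base64(data: bytes, ignore_nulls: bool = False):
    """Return (encoded, decoded) pairs for every BASE64 run that decodes cleanly."""
    if ignore_nulls:
        # ASCII text stored as UTF-16 carries a null byte next to every
        # character; dropping them restores one byte per character.
        data = data.replace(b"\x00", b"")
    hits = []
    for match in BASE64_RUN.finditer(data):
        encoded = match.group()
        try:
            decoded = base64.b64decode(encoded, validate=True)
        except ValueError:  # binascii.Error: bad length or padding
            continue
        hits.append((encoded, decoded))
    return hits


# Constructed sample data (not taken from any real file).
PAYLOAD = b"constructed sample payload, not real data"
ENCODED = base64.b64encode(PAYLOAD)
NARROW = b"<blob>" + ENCODED + b"</blob>"
WIDE_LE = NARROW.decode("ascii").encode("utf-16-le")
WIDE_BE = NARROW.decode("ascii").encode("utf-16-be")

if __name__ == "__main__":
    samples = (("ascii", NARROW), ("utf-16-le", WIDE_LE), ("utf-16-be", WIDE_BE))
    for name, sample in samples:
        for flag in (False, True):
            print(name, "ignore_nulls=%s" % flag, find_base64(sample, ignore_nulls=flag))
```

Dropping every null byte handles both byte orders, at the cost of also removing null bytes that were genuinely part of binary input.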
[…] Tools: re-search.py, base64dump.py […]
Pingback by Didier Stevens Videos — Sunday 2 July 2017 @ 9:53
[…] base64dump was updated to version 0.0.7, adding the option to “ignore leading null bytes”. Update; base64dump.py Version 0.0.7 […]
Pingback by Week 27 – 2017 – This Week In 4n6 — Sunday 9 July 2017 @ 13:08
[…] oledump.py, zipdump.py, base64dump.py, […]
Pingback by Emotet Maldoc & ViperMonkey – Didier Stevens Videos — Thursday 10 August 2017 @ 20:03
[…] Tools: oledump.py, base64dump.py […]
Pingback by It’s Not An Invoice – Didier Stevens Videos — Monday 21 August 2017 @ 19:59
[…] oledump.py, zipdump.py, base64dump.py, pecheck.py, […]
Pingback by Metasploit’s msf.docm Analysis – Didier Stevens Videos — Monday 21 August 2017 @ 20:39
[…] BASE64 encoded PowerShell commands (i.e. with option -EncodedCommand) for analysis with my tool base64dump.py, thus I turned to Metasploit to generate these […]
Pingback by Quickpost: Metasploit PowerShell BASE64 Commands | Didier Stevens — Saturday 26 August 2017 @ 21:29
[…] this file with base64dump.py (a BASE64 decoding tool), confirms that it is a PE file (cfr. MZ header) that is BASE64 […]
Pingback by Decoding malware via simple statistical analysis | NVISO LABS – blog — Wednesday 30 August 2017 @ 13:18