Didier Stevens

Friday 25 May 2018

Update: base64dump.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 0:00

And even more encodings added to this version of base64dump.py: 0x…. little-endian (zxle) and 0x…. big endian (zxbe).

base64dump_V0_0_10.zip (https)
MD5: 6670ACD88FD384BA9172F2B98E72D0D4
SHA256: C080F2A5F60A8E9593AE789A69D233EFC86AEF9BD319C409229B3E518E15C725


  1. […] Update: base64dump.py Version 0.0.10 […]

    Pingback by Overview of Content Published In May | Didier Stevens — Tuesday 5 June 2018 @ 0:01

  2. […] I showed a colleague, it’s easy to analyze a file encoded with certutil using my base64dump.py […]

    Pingback by Quickpost: Decoding Certutil Encoded Files | Didier Stevens — Wednesday 27 June 2018 @ 0:00

  3. […] array of hexadecimal values: this is often the payload in malicious PDFs. To decode it, we will use base64dump.py. This is a tool to decode embedded payloads, not only base64 encodings, but several other encodings […]

    Pingback by Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF | NVISO LABS – blog — Tuesday 3 July 2018 @ 20:49

  4. […] is an example showing how output from base64dump is piped into […]

    Pingback by New Tool: file-magic.py | Didier Stevens — Wednesday 11 July 2018 @ 0:00

  5. […] has 0 out of 60 detections on VirusTotal. But when we analyze it with base64dump.py, something stands […]

    Pingback by PowerShell Inside a Certificate? – Part 1 – NVISO Labs — Tuesday 31 July 2018 @ 8:20

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.