Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cover their tracks and increase their attack success rate, hackers often obfuscate attacks using different techniques. Obfuscation of web application attacks can be extremely complicated, involving custom-made encoding schemes made by the attacker to suit a specific need. Alternatively, and as described in a recent spam campaign research we conducted, obfuscation of web application attacks can be as simple as importing common encoding schemes and re-encoding the attack payloads multiple times.

In this blog post, we’ll dive deep into one of the simplest obfuscation techniques commonly used by web application attackers, Base64, and uncover some of the traits that make it so unique and interesting from the defender’s perspective.

What is Base64?

Base64 is an encoding mechanism used to represent and stream binary data over mediums limited to printable characters only. The name Base64 comes from the fact that each output character is represented in 6 bits, hence there are 64 characters that can be represented: lower and upper case letters, numbers and the “+” and “/” signs. Originally, Base64 encoding was used to safely transfer email messages, including binary attachments, over the web. Today, Base64 encoding is widely used to transfer any type of binary data across the web as a means to ensure data integrity at the recipient.

In short, Base64 takes three 8-bit ASCII characters as input, making 24 bits in total. It then splits these 24 bits into four parts of six bits each and translates each six-bit part into a character using the Base64 encoding table. If there are fewer than three characters as input, the encoding pads the Base64 output using the “=” sign.

Since Base64 is commonly used to encode and transfer data over the web, security controls often decode the traffic as a preprocessing step just before analyzing it. Unfortunately, this encoding technique is often abused and used to carry obfuscated malicious payloads disguised as legitimate Base64-encoded content. While Base64 encoding is very useful for transferring binary data over the web, there is no practical need to encode the same text multiple times. With that in mind, it’s a common practice among attackers to obfuscate their attacks using multiple encodings of the same text, to the extent of encoding an attack a few dozen times to evade detection.
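Because legitimate traffic has no need for repeated Base64 encoding, the number of nested layers is itself a usable signal. The sketch below is an added example, not code from the original post: it peels layers with strict validation and flags input wrapped two or more times. The function names, the layer cap, the minimum length and the sample payload are all assumptions made for illustration.

```python
import base64
import binascii
import re

# Standard alphabet with optional "=" padding (assumption: not the URL-safe variant).
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
MAX_LAYERS = 64   # assumed cap so crafted input cannot force unbounded work
MIN_LEN = 8       # assumed floor: very short strings are "valid" Base64 by chance


def try_decode(data: bytes):
    """Return decoded bytes if data is strict Base64, otherwise None."""
    data = data.strip()
    if len(data) < MIN_LEN or len(data) % 4 or not B64_RE.match(data):
        return None
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None


def peel(data: bytes, max_layers: int = MAX_LAYERS):
    """Strip nested Base64 layers; return (layers_removed, innermost_bytes)."""
    layers = 0
    while layers < max_layers:
        decoded = try_decode(data)
        if decoded is None:
            break
        data, layers = decoded, layers + 1
    return layers, data


def is_suspicious(data: bytes, threshold: int = 2) -> bool:
    """Flag input wrapped in `threshold` or more Base64 layers."""
    return peel(data)[0] >= threshold


def wrap(data: bytes, n: int) -> bytes:
    """Test helper: Base64-encode data n times to build constructed samples."""
    for _ in range(n):
        data = base64.b64encode(data)
    return data


if __name__ == "__main__":
    sample = b"constructed sample payload"   # constructed, harmless input
    for n in (0, 1, 12):
        layers, inner = peel(wrap(sample, n))
        print(n, layers, is_suspicious(wrap(sample, n)), inner)
```

A single layer is treated as normal; analysis rules should then run on the innermost bytes returned by `peel`, not on the outer wrapper.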