
Phishing Analysis Fundamentals

In the attached virtual machine, view the information in email2.txt and reconstruct the PDF using the base64 data. What is the text within the PDF?

cat base64email2.txt | base64 -d > Khafagy.pdf

This decodes the base64 data from email2.txt and saves the output as a PDF file.

  • first time doing this.

From: =?UTF-8?B?VGhhbmsgeW91ISBIb21lIERlcG90?= support@teckbe.com

To understand this, you can follow the format from RFC 2047:

encoded-word = "=?" charset "?" encoding "?" encoded-text "?="

  • This tells us that the charset of the header text is UTF-8, and the B refers to Base64 as the encoding. Now take the encoded text and decode it.

VGhhbmsgeW91ISBIb21lIERlcG90 -> base64 -> Thank you! Home Depot

What is the subject line?

Subject: =?UTF-8?B?T3JkZXIgUGxhY2VkIDogWW91ciBPcmRlciBJRCBPRDIzMjE2NTcwODkyOTEgUGxhY2VkIFN1Y2Nlc3NmdWxseQ==?=

  • again base64

We are getting more familiar with base64 now. Sometimes, after copying the whole string, base64 decoding may not work, and we may have to remove the characters at the end.
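The header decoding walked through above, as an added example that is not part of the original write-up: a small Python decoder for RFC 2047 encoded-words, run on the From and Subject values shown on this page. The function names and the two samples marked as constructed are assumptions made for illustration.

```python
import base64
import binascii
import re

# RFC 2047: encoded-word = "=?" charset "?" encoding "?" encoded-text "?="
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([BbQq])\?([^?\s]*)\?=")

def decode_word(charset, encoding, text):
    """Decode the encoded-text of one encoded-word to a str."""
    if encoding.upper() == "B":
        # Re-add "=" padding that is easily lost when copying by hand.
        raw = base64.b64decode(text + "=" * (-len(text) % 4))
    else:
        # "Q" encoding: "=XX" is a hex byte and "_" stands for a space.
        raw = binascii.a2b_qp(text.encode("ascii"), header=True)
    return raw.decode(charset, errors="replace")

def decode_header_value(value):
    """Replace every encoded-word in a header value with its decoded text."""
    # Whitespace between two adjacent encoded-words is not part of the text.
    value = re.sub(r"(\?=)\s+(?==\?)", r"\1", value)
    # Only the encoded-text between the delimiters is passed on, so the
    # "=?UTF-8?B?" prefix and "?=" suffix never reach the base64 decoder.
    return ENCODED_WORD.sub(lambda m: decode_word(*m.groups()), value)

# Header values as shown on this page.
FROM_VALUE = "=?UTF-8?B?VGhhbmsgeW91ISBIb21lIERlcG90?= support@teckbe.com"
SUBJECT_VALUE = ("=?UTF-8?B?T3JkZXIgUGxhY2VkIDogWW91ciBPcmRlciBJRCBPRDIzMjE2"
                 "NTcwODkyOTEgUGxhY2VkIFN1Y2Nlc3NmdWxseQ==?=")
# Constructed samples: a Q-encoded word and a value split across two words.
Q_SAMPLE = "=?ISO-8859-1?Q?Caf=E9_receipt?="
SPLIT_SAMPLE = "=?UTF-8?B?VGhhbms=?= =?UTF-8?B?IHlvdQ==?="

if __name__ == "__main__":
    for value in (FROM_VALUE, SUBJECT_VALUE, Q_SAMPLE, SPLIT_SAMPLE):
        print(decode_header_value(value))
```

Python's standard library offers `email.header.decode_header` for the same job; the version above spells out the RFC 2047 steps.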

NOTES:

The primary function of a tracking pixel image is to track user behavior and interactions, enabling it to collect a wide range of data points. Depending on how you configure a pixel, the collected data may include:

  • IP address
  • Date and time of visit or action