Examples

  • change IP format (Windows log is decimal and reversed)
    • from decimal to dotted decimal, see example
      • 67217600 -> 4.1.168.192
  • Malware Analysis
    • copy file to CyberChef
    • extract strings
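
Added example, not part of the original notes or of CyberChef's own code: the decimal-to-dotted conversion from the first bullet in JavaScript (the language CyberChef operations are written in), with a switch for the reversed byte order. The `addr=` field name and the sample log lines are constructed for illustration.

```javascript
// Convert an unsigned 32-bit decimal value to dotted decimal.
//   reversed = false: most significant byte first  (67217600 -> 4.1.168.192)
//   reversed = true : least significant byte first (67217600 -> 192.168.1.4)
function decimalToDotted(value, reversed = false) {
    const text = String(value).trim();
    // Accept plain digits only: rejects "", "-1", "1.5", "1e9", hex, etc.
    if (!/^\d{1,10}$/.test(text) || Number(text) > 0xFFFFFFFF) {
        throw new RangeError(`not a 32-bit unsigned integer: ${value}`);
    }
    const n = Number(text);
    // Division instead of bit shifts: JS shifts work on signed 32-bit values
    // and would go negative for addresses >= 128.0.0.0.
    const octets = [
        Math.floor(n / 0x1000000) % 256,
        Math.floor(n / 0x10000) % 256,
        Math.floor(n / 0x100) % 256,
        n % 256,
    ];
    return (reversed ? octets.reverse() : octets).join(".");
}

// Rewrite every "<field>=<decimal>" in a log line. Values that are not valid
// 32-bit integers are left untouched so nothing is silently mangled.
function rewriteLine(line, field, reversed = false) {
    const safeField = field.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    const pattern = new RegExp(`\\b${safeField}=(\\d+)\\b`, "g");
    return line.replace(pattern, (match, digits) => {
        try {
            return `${field}=${decimalToDotted(digits, reversed)}`;
        } catch (err) {
            return match;
        }
    });
}

// Constructed sample lines (hypothetical format, not a real Windows log).
const sampleLines = [
    "2021-06-01T10:00:00Z action=allow addr=67217600 port=445",
    "2021-06-01T10:00:05Z action=block addr=99999999999 port=80",
];
for (const line of sampleLines) {
    console.log(rewriteLine(line, "addr", true));
}
```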

How to start

Install on Arm64

# Install
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash

# reload shell and install latest version
nvm install node

# restart shell and activate
nvm use node

# install CyberChef and start it
git clone https://github.com/gchq/CyberChef.git
cd CyberChef
npm install
npm start

apache2 proxy

# if you aren't on the same system you can install a reverse proxy
# only for development: the config below serves CyberChef on port 80 without TLS or authentication
## install apache2
sudo apt install apache2

## enable proxy mod
sudo a2enmod proxy
sudo a2enmod proxy_http

## add a configuration for the proxy
sudo vim /etc/apache2/sites-available/cyberchef-proxy.conf

  <VirtualHost *:80>
      ProxyPass / http://localhost:8080/ nocanon
      ProxyPassReverse / http://localhost:8080/
  </VirtualHost>

# disable the default config and enable the new one
sudo a2ensite cyberchef-proxy
sudo a2dissite 000-default.conf

sudo systemctl reload apache2

investigating the operations

  • all operations are located in
    • CyberChef/src/core/operations/

creating new operations

  • creating new operation (ref)
    • npm run newop

References