open source

CyberChef Cyber “Swiss-Army” Knife – Free Tool For Security Professionals

Cyber Chef Logo

CyberChef is a web-based tool that assists with carrying out a number of complex operations such as compressing or decompressing data, encrypting data, creating binary and hex dumps, extracting metadata, matching YARA rules, and so much more. It was created by the GCHQ or Government Communications Headquarters, which is an intelligence service in the United Kingdom. It’s completely open source and is available for anyone and everyone on GitHub.

CyberChef is an absolute must for any security operations analyst or security professional, and can save you time in almost every use case. That is why we at Rogue Security are proud to introduce the Rogue Security hosted, CyberChef instance!

Direct Link: https://cyberchef.roguesecurity.ca/

Disclaimer: Rogue Security will not take responsibility for any data that you use within the tool. Please make sure that you never place secret of confidential data into a tool that you do not have full trust on.

We are making CyberChef available to the general public because we believe that access to tools and resources is critical to the growth of Information Security and Cybersecurity.

CyberChef Interface

Cyberchef Interface
Cyberchef Interface

The CyberChef interface is made up of 4 areas:

1. Input — The Input field provides an area to enter or paste your text or file input.

2. Output — The Output field provides the outcome of your recipe.

3. Operations — The Operations menu provides you wish access to both simple and complex operations, in which will be performed against the input.

4. Recipe — In the Recipe field, you will use any number of Operations that will determine how your input will be processed.

We can use the Input Menu to upload folders and files. The plus ( + ) sign allows us to create multiple tabs for inputs. The Input window will also allow you to drag and drop files, or paste text directly.

Operations list in CyberChef
Operations list in CyberChef

The Operations menu gives you a list of both simple and complex operations that can be performed against

The screenshot to the right provides a list of operations categories that can be performed. I won’t go through the list because it’s extensive, but if you can think about a data manipulation technique then it’s probably here.

Operations can be hovered over to see additional details on what they do, and can be dragged into the recipe window for use against your input. Once your drag an operation into the recipe window, and as long as you have an input and the Auto Bake feature turned on, an output will automatically be generated in the Output window.

CyberChef Resources

CylanceProtect API Wrapper in Python3

Open Source

CylanceProtect is an artificial intelligence based anti-virus solution that is now owned by Blackberry.

A few years ago I wrote a Python3 wrapper for the CylanceProtect API. It’s not well testing, but fairly well documented. Feel free to check it out on Github and modify it as you see fit.

CyPyAPI was designed as an object oriented class so you’ll simply need to instantiate the object with the required connection settings, and then call whatever methods that you wish.

import cypyapi

# Create a new CyPyAPI object
cypiapi_object = CyPyApi(Tenant_ID, App_ID, App_Secret)

# Now call whatever method that you wish.
users = cypiapi_object.get_users()

It’s as simple as that.

Check out the code over on GitHub.