| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
| JAB | 🗣 Jabber | $. | Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
| TVq | 📺 Television | MZ | MZ header |
| SUVY | 🚙 SUV | IEX | PowerShell Invoke Expression |
| SQBFAF | 🐣 Squab favorite | I.E. | PowerShell Invoke Expression (UTF-16) |
| SQBuAH | 🐣 Squab uahhh | I.n. | PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
| PAA | 💪 "Pah!" | <. | Often used by Emotet (UTF-16) |
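
A triage sketch built on the table above, added here as an example and not part of the original cheat sheet: it finds Base64 runs in a log line, matches them against the listed prefixes, then decodes the first bytes to check that they really have the encoding the table claims, which weeds out ordinary words that merely start with `JAB` or `PAA`. The names `scan`, `decode_head` and `SAMPLES`, the 16-character minimum run length and the sample lines are assumptions made for this example.

```python
import base64
import re

# Prefix -> (description from the table above, encoding the decoded head should have)
PREFIXES = {
    "SQBFAF": ("PowerShell Invoke Expression (UTF-16)", "utf-16le"),
    "SQBuAH": ("PowerShell Invoke string (UTF-16)", "utf-16le"),
    "SUVY": ("PowerShell Invoke Expression", "ascii"),
    "JAB": ("Variable declaration (UTF-16)", "utf-16le"),
    "PAA": ("Often used by Emotet (UTF-16)", "utf-16le"),
    "TVq": ("MZ header", "binary"),
}
# A run of Base64 alphabet long enough to be a payload rather than a short word.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decode_head(token):
    """Decode up to the first 24 bytes of a Base64 run and guess their encoding."""
    head = token.rstrip("=")[:32]
    raw = base64.b64decode(head[: len(head) // 4 * 4])  # whole 4-char groups only
    if not any(raw[1::2]):  # every second byte is NUL: ASCII text stored as UTF-16LE
        return "utf-16le", raw[: len(raw) // 2 * 2].decode("utf-16-le")
    if all(32 <= b < 127 for b in raw):
        return "ascii", raw.decode("ascii")
    return "binary", raw[:8].hex()

def scan(line):
    """Return (prefix, description, confirmed, decoded_head) for each hit in line."""
    hits = []
    for run in B64_RUN.findall(line):
        for prefix, (description, expected) in PREFIXES.items():
            if run.startswith(prefix):
                encoding, text = decode_head(run)
                hits.append((prefix, description, encoding == expected, text))
    return hits

def _b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample lines (harmless content), not taken from real logs.
SAMPLES = [
    "powershell.exe -NoP -enc " + _b64("$env:COMPUTERNAME".encode("utf-16-le")),
    "echo " + _b64(b"IEX 'Write-Output hello-from-test'") + " > stage.txt",
    "upload body=" + _b64(b"MZ\x90\x00\x03" + bytes(19)),
    "GET /img?file=JABBERWOCKYposterLARGE2024.png",  # prefix hit, decode says no
]

if __name__ == "__main__":
    print(*map(scan, SAMPLES), sep="\n")
```

A hit whose third field is `False` matched a prefix but did not decode to the expected encoding, so it can be ranked below confirmed hits instead of being alerted on.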
```python
# MS SCEP & SE quarantined files decrypter
# This script is a fork from quarantine.py from the cuckoosandbox project.
# Also thanks to Jon Glass (https://jon.glass/quarantines-junk/)
# Usage: quarantine.py <encryptedfile>
#
# Copyright (C) 2015 KillerInstinct, Optiv, Inc. (brad.spengler@optiv.com)
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.
```