There are Three CyberChefs!

September 5, 2023

Welcome, let's begin our journey through the practical use of GCHQ's CyberChef versions… Yes, there are three of them.

What you will learn:

  • How to use CyberChef server, in a Virtual Machine, on a network with other Virtual Machines.

What you should know:

  • How to use and configure Virtual Machines and networking, basic Linux and shell scripting.


In our previous article, "Obfuscating Infiltration and Exfiltration with Code Cave Artifacts" [1], we crafted several payload data examples that varied from being in plain text, encoded, enciphered and encrypted. We crafted examples using CyberChef Online [2]. CyberChef is aptly declared "The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis". There certainly is no argument there.

For this article, we'll continue using these same crafted examples to dive deeper using a few versions of CyberChef that include the popular default online web app, the lesser known local [3] installation, and the least known server mode [4]. 

This article will cover the usefulness of the CyberChef Server API's endpoints bake and magic in conjunction with using scripts to integrate and automate into our workflows. We'll also cover how to create and test our queries from the server UI itself.

We all know that automation and integration is super useful in a SOC (Security Operations Center) and CTFs (Capture The Flag) (solo and/or team), as well as integrable to SOARs (Security Orchestration, Automation and Response) and SIEMs (Security Information and Event Management),....

Notify of

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023