Encoding
Definition
Encoding is the process of **transforming data into a different format** so it can be safely stored, transmitted, or processed by a system — without changing its actual meaning.

It’s not encryption (which is meant to hide information) and it’s not compression (which is meant to make things smaller). Encoding is about **compatibility and safe transport**.

Examples you’ve probably seen:

* **Base64** – Turns binary data into text characters so it can be sent in email or embedded in scripts.
* **URL encoding** – Replaces unsafe characters in URLs (`space` → `%20`) so web browsers can handle them.
* **Character encoding** – Defines how letters and symbols are represented as bytes (UTF-8, ASCII).

In cybersecurity investigations, encoding is important because:

* Attackers often encode malicious payloads to bypass filters or avoid detection (e.g., a PowerShell script encoded in Base64).
* Data exfiltration might use encoding to hide in plain sight (e.g., sensitive data sent in a URL query string but encoded to look harmless).
* Decoding suspicious strings is a common analysis step to reveal the actual command, file, or URL.

Example of Base64 encoding:

```
Text: Hello
Base64: SGVsbG8=
```

If an attacker sends `SGVsbG8=` in a script, it’s just “Hello” once decoded.

Real-world examples:

* Many phishing kits deliver payloads via `powershell.exe -enc <Base64String>` to hide the real script from plain sight.
* Malware families like Emotet and Agent Tesla encode stolen credentials before sending them back to the attacker.
* Web shell uploads may be Base64-encoded to evade simple keyword-based detection.

### Encoding v. Encryption

Encoding and encryption both change the way data looks, but they serve very different purposes and have very different security implications.
**Encoding**

* **Purpose:** Make data compatible for storage or transmission
* **Goal:** Ensure systems can handle the data without altering its meaning
* **Key needed to read it?** No — anyone can decode it using the defined method
* **Security benefit:** None — it’s not meant to hide data, just format it
* **Example:** Base64 turns `Hello` into `SGVsbG8=` so it can be safely sent in an email

**Encryption**

* **Purpose:** Protect data from unauthorized access
* **Goal:** Make the data unreadable to anyone without the correct key
* **Key needed to read it?** Yes — you must have the decryption key
* **Security benefit:** Strong — keeps data confidential if implemented properly
* **Example:** AES encryption turns `Hello` into unreadable ciphertext like `q1w2e3r4t5...` that you can’t reverse without the right key

Quick analogy:

* Encoding is like writing a note in all caps so it’s easier to read from far away — the message is still public.
* Encryption is like locking the note in a safe — without the key, no one can see what it says.

In cybersecurity investigations, this distinction matters because:

* If you find **encoded** malicious commands (e.g., Base64 in PowerShell), you can decode them easily to see the payload.
* If you find **encrypted** data being exfiltrated, you may not be able to see what’s inside without the key — but the mere fact it’s encrypted might be suspicious if it’s going somewhere it shouldn’t.

Further reading:

* Base64 Encoding & Decoding (RFC 4648): [https://datatracker.ietf.org/doc/html/rfc4648](https://datatracker.ietf.org/doc/html/rfc4648)
* MDN – URL Encoding: [https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding](https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding)
* MITRE ATT&CK – Obfuscated Files or Information (T1027): [https://attack.mitre.org/techniques/T1027/](https://attack.mitre.org/techniques/T1027/)
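The decoding step described above for Base64 in PowerShell, as an added analyst-side example (not part of the original glossary entry). It relies on the fact that PowerShell's encoded-command argument is Base64 over UTF-16LE text; the function names and the sample command line are constructed for illustration.

```python
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...)
# plus the alias -ec; the argument that follows is Base64 over UTF-16LE text.
PARAM = re.compile(r"(?<!\S)-(\w+)\s+([A-Za-z0-9+/]+={0,2})(?!\S)")


def b64_to_text(token, charset="utf-8"):
    """Strictly decode a Base64 token to text; None if it is not valid."""
    try:
        return base64.b64decode(token, validate=True).decode(charset)
    except (binascii.Error, UnicodeDecodeError):
        return None


def decode_encoded_command(cmdline):
    """Return the script hidden behind -enc in a logged command line, or None."""
    for name, token in PARAM.findall(cmdline):
        name = name.lower()
        if name == "ec" or "encodedcommand".startswith(name):
            return b64_to_text(token, "utf-16-le")
    return None


# Constructed sample with a harmless payload, built here so it runs offline.
_SCRIPT = "Write-Output 'Hello'"
SAMPLE = ("powershell.exe -NoProfile -ExecutionPolicy Bypass -enc "
          + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode("ascii"))

if __name__ == "__main__":
    print(b64_to_text("SGVsbG8="))        # the glossary's own Base64 example
    print(SAMPLE)                         # what the process log would show
    print(decode_encoded_command(SAMPLE)) # what actually ran
```

Decoding as UTF-8 instead of UTF-16LE is the usual reason an encoded PowerShell command appears as text with a null byte after every character.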