How to Execute Hidden Python Commands in a One-Line Stager

A stager is a small piece of software that malware typically uses to hide what's happening in the early stages of an infection and to download a larger payload later. We're going to explore how it works by creating a single line that downloads and runs a potentially unlimited number of lines of Python. An attacker could use this to hide a really suspicious, damaging payload in a way that a person who's just skimming through a new security tool might miss. The way we're going to unpack this is by encoding our different commands in Base64 and then uploading them to a JSON object so we can pull it down...
