Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter I - Foundation / 05. Common Applications & Services / 05. Encoding & Encryption

Encoding & Encryption

People often use the terms encoding, hashing and encryption interchangeably. They are not the same thing.

Understanding the distinction is important because these concepts appear everywhere in offensive security, from web applications and Active Directory to malware and command-and-control frameworks.

A popular online tool to quickly transform data is CyberChef.

Keep in mind that you should never expose sensitive real-life information in public tooling and generally must rely on alternate offline approaches (as you get better). However, it's very good for CTFs and training.


Encoding

Encoding is the process of transforming data into a different representation.

The primary goal of encoding is compatibility, not secrecy.

Anyone who understands the encoding format can immediately recover the original data without requiring a secret key.

Common examples include:

  • ASCII
  • Unicode (UTF-8)
  • Hexadecimal
  • Base64

For example, the string:

Hello

becomes:

SGVsbG8=

when Base64 encoded.

However, this does not provide security. Anyone can simply decode it and recover the original value.

A useful way to remember this is:

Encoding = Representation

This is good to transport data without breaking it as it passes through multiple parsers.


Hashing

Hashing transforms data into a fixed-size value.

The primary goal of hashing is integrity, not secrecy.

A good hash function is one-way: given the hash, we should not be able to recover the original input.

Common examples include:

  • SHA-256
  • SHA-1
  • MD5

For example, defenders may hash a file and compare the result against a known value:

File
    ↓
SHA-256
    ↓
Hash Value

If the file changes, the hash changes.

Hashes are frequently used for:

  • File integrity
  • Password storage
  • Malware identification
  • Deduplication
  • Digital signatures

MD5 and SHA-1 are considered weak for collision-resistant security. SHA-256 is a safer default for modern integrity checks.

A useful way to remember this is:

Hashing = Fingerprint

XOR Encoding

XOR occupies an interesting position.

In its simplest form, XOR is often used as a lightweight encoding or obfuscation mechanism.

For example:

Original Data
        XOR
Secret Value
        ↓
Encoded Data

Applying the same XOR operation a second time restores the original value:

Encoded Data
        XOR
Secret Value
        ↓
Original Data

This makes XOR extremely popular in malware, shellcode and proof-of-concept tooling because it is simple, fast and easy to implement.

However, XOR alone should generally not be considered secure encryption.

The primary purpose is usually:

  • Obfuscation
  • Avoiding simple signatures
  • Hiding strings or payloads from casual inspection

rather than providing meaningful security.


Encryption

Encryption is the process of transforming data into an unreadable form using a secret key.

Unlike encoding, encryption is specifically designed to prevent unauthorized parties from recovering the original information.

Without the correct key, recovering the plaintext should be computationally difficult or practically impossible.

A useful way to remember this is:

Encoding   = Compatibility
Hashing    = Integrity
Encryption = Confidentiality

RC4

RC4 is a stream cipher that was historically very popular due to its simplicity and speed.

Conceptually:

Plaintext
    +
Keystream
    ↓
Ciphertext

The same key is used to generate a stream of pseudo-random bytes which are combined with the plaintext.

RC4 was widely used in:

  • Malware
  • Legacy software
  • Wireless protocols
  • Early TLS implementations

Today, RC4 is considered cryptographically broken and should generally be avoided for new systems.

However, operators and reverse engineers still encounter it regularly when analyzing older software and malware.


AES

AES (Advanced Encryption Standard) is the modern industry standard for symmetric encryption.

Unlike RC4, AES operates on blocks of data and is designed to provide strong confidentiality and resistance against modern cryptographic attacks.

AES is used virtually everywhere:

  • HTTPS/TLS
  • VPNs
  • Password managers
  • Disk encryption
  • Cloud services
  • Modern malware
  • Command-and-control frameworks

Conceptually:

Plaintext
    +
AES Key
    ↓
Ciphertext

The encrypted data appears random and cannot be meaningfully recovered without the correct key.

Common AES key sizes include:

  • AES-128
  • AES-192
  • AES-256

In practice, AES-256 is one of the most common choices for modern offensive and defensive tooling.