It is very useful. I have issues with how both GCHQ and NSA operate, but I also really like the tools they provide like CyberChef and Ghidra as they automate a lot of workflows.
The 'magic' command in CyberChef is pretty magic, especially for obscure (to me) UTF and language encodings, though I have certainly run down more than a few rabbit holes because it detects the file magic for 'inflate' compression in pretty much everything, which would be perfect for hiding embedded files because of the number of false positives that appear when you're looking for them, and it's just the algorithm someone of a certain vintage who was serious about hiding something from everyone but someone else of that era would use.
The image analysis stuff is great. I use palette randomization for detecting embeds, and the entropy analyzer/visualizer is a great, fast method for detecting encrypted and zipped payloads. I like that it's fast, and it's there on the web so I can use it on anything.
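The entropy check mentioned in the comment above can be sketched as a sliding-window scan. This is an added example, not the commenter's code or CyberChef's; the function names, window size, step, 7.5 bits/byte threshold and sample data are all assumptions chosen for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data, window=1024, step=256, threshold=7.5):
    """Slide a window over data; return merged (start, end) ranges scoring >= threshold."""
    regions = []
    for start in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[start:start + window]) < threshold:
            continue
        end = min(start + window, len(data))
        if regions and start <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)   # overlaps previous hit: extend it
        else:
            regions.append((start, end))
    return regions


def build_sample():
    """Constructed test input: text | zlib blob | text | random-looking blob."""
    text = b"GET /index.html HTTP/1.1 200 from 10.0.0.5\n" * 100
    hexdump = "\n".join(hashlib.sha256(str(i).encode()).hexdigest() for i in range(400))
    zipped = zlib.compress(hexdump.encode(), 9)
    # SHA-256 in counter mode stands in for ciphertext (constructed, not real encryption)
    cipherlike = b"".join(hashlib.sha256(b"k%d" % i).digest() for i in range(128))
    parts = [("text1", text), ("zipped", zipped), ("text2", text), ("cipherlike", cipherlike)]
    offsets, pos = {}, 0
    for name, blob in parts:
        offsets[name] = (pos, pos + len(blob))
        pos += len(blob)
    return b"".join(blob for _, blob in parts), offsets


if __name__ == "__main__":
    data, offsets = build_sample()
    print("layout:", offsets)
    for start, end in high_entropy_regions(data):
        print(f"high entropy: bytes {start}-{end}")
```

Entropy alone does not tell compressed data from encrypted data, and flagged ranges spill up to one window into the neighbouring plain text, so treat the offsets as a place to start carving rather than exact boundaries.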