Forum Discussion
PRABAKARANRAMAMURTHY
Bronze II
3 months ago
PowerShell Deobfuscation: Ep.8 - Stuck Halfway
I was working on Ep.8 of PowerShell Deob. Got stuck on the second step. Step 1: Base64 & RAW Inflate (Twice). Step 2: Stuck with this weird-looking code. Tried to run it with PowerShell and received...
PRABAKARANRAMAMURTHY
Bronze II
3 months ago
Hi netcat, how do we move forward with Python/PowerShell for this?
netcat
Silver III
3 months ago
Well, start with "${ }". You know what this is, don't you? And "+=", "${}", etc.?
If not, read the PowerShell specification, or play with it in PowerShell to get an understanding of what happens.
All in all, very ugly, but not impossible to decode.
I can't (well I could) post my decoder here, so can't really give details on how I did it.