Forum Discussion

Bronze II

3 months ago

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

I was working on Ep.8 of PowerShell Deob. Got stuck in second step. Step 1: Base64 & RAW Inflate (Twice) Step 2: Stuck with this weird looking code. Tried to run with PowerShell and received...

Bronze II

3 months ago

Hi netcat, how do we move forward with python/powershell for this?

netcat

Silver III

3 months ago

Well, start with "${ }". You know what this is, isn't it? And "+=", "${}", etc.?
If not, read the PowerShell specification, or play with in PowerShell to get an understanding what happens.

All in all, very ugly, but not impossible to decode.
I can't (well I could) post my decoder here, so can't really give details on how I did it.

Forum Discussion

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

Featured Places

Help & Support Forum

Related Content

PowerShell Deobfuscation: Ep.9

Powershell Deobsfuscation Ep.7

PowerShell Deobfuscation: Ep 8 help

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Recent Discussions

Hack Your First Web App: Ep.4 Missing Cookie

It seems correct answer is not accepted.

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.