Forum Discussion

Bronze II

24 days ago

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

I was working on Ep.8 of PowerShell Deob. Got stuck in second step. Step 1: Base64 & RAW Inflate (Twice) Step 2: Stuck with this weird looking code. Tried to run with PowerShell and received...

Bronze II

23 days ago

Hi netcat, how do we move forward with python/powershell for this?

netcat

Silver II

23 days ago

Well, start with "${ }". You know what this is, isn't it? And "+=", "${}", etc.?
If not, read the PowerShell specification, or play with in PowerShell to get an understanding what happens.

All in all, very ugly, but not impossible to decode.
I can't (well I could) post my decoder here, so can't really give details on how I did it.

Forum Discussion

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

Featured Places

Help & Support Forum

Related Content

PowerShell Deobfuscation: Ep.9

Powershell Deobsfuscation Ep.7

PowerShell Deobfuscation: Ep 8 help

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Recent Discussions

Privilege Escalation: Linux – Demonstrate Your Skills

S3: Demonstrate Your Skills

World Cup Special - Immersive Squad

Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2

Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1