Forum Discussion

Bronze II

4 months ago

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

I was working on Ep.8 of PowerShell Deob. Got stuck in second step. Step 1: Base64 & RAW Inflate (Twice) Step 2: Stuck with this weird looking code. Tried to run with PowerShell and received...

Bronze II

4 months ago

Hi netcat, how do we move forward with python/powershell for this?

netcat

Silver III

4 months ago

Well, start with "${ }". You know what this is, isn't it? And "+=", "${}", etc.?
If not, read the PowerShell specification, or play with in PowerShell to get an understanding what happens.

All in all, very ugly, but not impossible to decode.
I can't (well I could) post my decoder here, so can't really give details on how I did it.

Forum Discussion

PowerShell Deobfuscation: Ep.8 - Stuck Halfway

Featured Places

Help & Support Forum

Related Content

PowerShell Deobfuscation: Ep.9

Powershell Deobsfuscation Ep.7

PowerShell Deobfuscation: Ep 8 help

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Recent Discussions

Trying to post a question and this popup is stopping me

A Letter to Santa

GuardDuty: Demonstrate Your Skills

Hack Your First Web App: Ep.6 - Hydra

Foundational Static Analysis: API Analysis step 10