PowerShell Deobfuscation: Ep.9

Question

Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help.

Able to decode the first layer using frombase64 and raw inflate

Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer

I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.

m1zt3ril · Accepted Answer

Chatgpt helped me on this :)&nbsp;&nbsp;

Forum Discussion

PowerShell Deobfuscation: Ep.9

Related Content

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Re: Malicious Document Analysis: Dropper Analysis

Weaponization: Payloads – Office Macros

Recent Discussions

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Foundational Static Analysis: Analyzing Structures