Forum Discussion
Bronze IIPowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help.
Able to decode the first layer using frombase64 and raw inflate
Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer
I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
Chatgpt helped me on this :)
3 Replies
m1zt3rILForgot to paste the article https://medium.com/@nikhilsda/encryption-and-decryption-in-powershell-e7a678c5cd7d
- m1zt3rIL
Chatgpt helped me on this :)
- jagira
Bronze III
yeah, this episode is giving me headache too. what i am able to understand is that it is using runtime.interopservices.marshal.
what i am unable to understand is the key part. There are some integers, and some base64 type of data and then a key.
struck.
