ray96
Bronze II
2 months agoPowershell Deobsfuscation Ep.7
I was working on this and got stuck with Ep.7. Appreciate if anyone can assist with this Powershell de-obfuscation.
Step 1: I removed the splits accordingly and converted from hexadecimal
Step 2: Next, there was another set of splits to perform and ascii conversion. Ended up with the small snip of string at the bottom with a lot of (spaces and tabs) at the beginning. Basically empty spaces before coming to this short scripts.
I am not sure on how to move from here. Anyone can assist with this pls?
TillyCorless got it done. Could not deob it using CyberChef, used PowerShell commands to run the part that I can't deob earlier and saved the output in another txt file. I removed the IEX part from the script before execution. That worked for me!