Forum Discussion

Silver I

9 months ago

Solved

Powershell Deobsfuscation Ep.7

Team, has anyone ventured into PowerShell Deobsfucation yet? I’ve got to 7 no issues but I cannot get another further. The drama is every time you reset it’s a completely different code or it freezes...

help & support

GusC
9 months ago
Hello - the labs use "invoke obfuscation" which is why they are different every time. They are really difficult, it took me a month to complete them.
Have a look at some internet articles - this is a good primer
https://medium.com/mii-cybersec/malicious-powershell-deobfuscation-using-cyberchef-dfb9faff29f

BarnyStewart

Immerser

9 months ago

Hi Jay,

What tool or approach you use is very much a personal choice, but CyberChef is very powerful and flexible as you can tweak and fine-tune your recipe and see the results in real time.

Out of interest, have you looked at the 'Introduction to PowerShell Deobfuscation' collection?

If you continue to struggle then let me know - I'll be happy discuss approaches in more detail.

Cheers,
Barny

Forum Discussion

Powershell Deobsfuscation Ep.7

Featured Places

Help & Support Forum

Related Content

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Snort Rules: Ep.7 – Lokibot Infection Traffic

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

PowerShell Deobfuscation: Ep.9

Recent Discussions

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Snort Rules: Ep.9 – Exploit Kits

Snort Rules: Ep.7 – Lokibot Infection Traffic

Pen Test CTFs: Artica Shipping Company

Help with Foundational Static Analysis: 64-Bit Analysis