Forum Discussion

Bronze III

2 months ago

Powershell Deobsfuscation Ep.7

Team, has anyone ventured into PowerShell Deobsfucation yet? I’ve got to 7 no issues but I cannot get another further. The drama is every time you reset it’s a completely different code or it freezes...

help & support

GusC
2 months ago
Hello - the labs use "invoke obfuscation" which is why they are different every time. They are really difficult, it took me a month to complete them.
Have a look at some internet articles - this is a good primer
https://medium.com/mii-cybersec/malicious-powershell-deobfuscation-using-cyberchef-dfb9faff29f

BarnyStewart

Immerser

2 months ago

Hi Jay,

What tool or approach you use is very much a personal choice, but CyberChef is very powerful and flexible as you can tweak and fine-tune your recipe and see the results in real time.

Out of interest, have you looked at the 'Introduction to PowerShell Deobfuscation' collection?

If you continue to struggle then let me know - I'll be happy discuss approaches in more detail.

Cheers,
Barny

Forum Discussion

Powershell Deobsfuscation Ep.7

Related Content

Powershell Deobsfuscation Ep.7

PowerShell Deobfuscation: Ep.9

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Re: Zeek - Demonstrate Your Skills

Re: Malicious Document Analysis: Dropper Analysis

Recent Discussions

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

Foundational Static Analysis: Analyzing Structures