Forum Discussion

Bronze II

9 months ago

Solved

Powershell Deobsfuscation Ep.7

Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next th...

defensive cyber

CyberSharpe
9 months ago
Firstly great detail. The last one seems like we've missed something.

The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way

Happy to jump on a discord chat Mr Hand Grenade#6321

Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way

ray96

Bronze II

4 months ago

I am stuck here too. Anyone can help on how to proceed from here?

ray96

Bronze II

4 months ago

CyberSharpe and GusC were you guys able to solve it?

CyberSharpe
Silver I
3 months ago
ray96 Apologies for the late reply. Ive been somewhat AFK recently.

remove anything that can run the command. the trim it, and run it without the IEX.

Forum Discussion

Powershell Deobsfuscation Ep.7

Featured Places

Help & Support Forum

Related Content

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Snort Rules: Ep.7 – Lokibot Infection Traffic

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

PowerShell Deobfuscation: Ep.9

Recent Discussions

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Snort Rules: Ep.9 – Exploit Kits

Snort Rules: Ep.7 – Lokibot Infection Traffic

Pen Test CTFs: Artica Shipping Company

Help with Foundational Static Analysis: 64-Bit Analysis