Forum Discussion

Bronze II

31 days ago

Powershell Deobsfuscation Ep.7

Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next th...

defensive cyber

CyberSharpe
23 days ago
Firstly great detail. The last one seems like we've missed something.

The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way

Happy to jump on a discord chat Mr Hand Grenade#6321

Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way

CyberSharpe

Bronze III

30 days ago

I found each time the lab is reset it’s a different deobsfuscation. Which isn’t helpful after you go away and research and come back and it’s completely different. I managed 7 but now need to work on 8. That’s a problem for a future CybrSharpe

Forum Discussion

Powershell Deobsfuscation Ep.7

Related Content

Powershell Deobsfuscation Ep.7

PowerShell Deobfuscation: Ep.9

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Re: Zeek - Demonstrate Your Skills

Re: Malicious Document Analysis: Dropper Analysis

Recent Discussions

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Foundational Static Analysis: Analyzing Structures