Forum Discussion

Bronze II

9 months ago

Solved

Powershell Deobsfuscation Ep.7

Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next th...

defensive cyber

CyberSharpe
9 months ago
Firstly great detail. The last one seems like we've missed something.

The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way

Happy to jump on a discord chat Mr Hand Grenade#6321

Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way

CyberSharpe

Silver I

9 months ago

I found each time the lab is reset it’s a different deobsfuscation. Which isn’t helpful after you go away and research and come back and it’s completely different. I managed 7 but now need to work on 8. That’s a problem for a future CybrSharpe

Forum Discussion

Powershell Deobsfuscation Ep.7

Featured Places

Help & Support Forum

Related Content

Powershell Deobsfuscation Ep.7

Powershell Deobsfuscation Ep.7

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

PowerShell Deobfuscation: Ep.9

Assistance: PowerShell Deobfuscation: Ep.4 - Logical and Structural Obfuscation - Question 7

Recent Discussions

Hack Your First Web App: Ep.4 Missing Cookie

It seems correct answer is not accepted.

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.