m1zt3rIL
2 months agoBronze II
Powershell Deobsfuscation Ep.7
Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next th...
- 2 months ago
Firstly great detail. The last one seems like we've missed something.
The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way
Happy to jump on a discord chat Mr Hand Grenade#6321
Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way