Forum Discussion
Bronze IIPowershell Deobsfuscation Ep.7
Firstly great detail. The last one seems like we've missed something.
The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way
Happy to jump on a discord chat Mr Hand Grenade#6321
Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way
Silver IFirstly great detail. The last one seems like we've missed something.
The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way
Happy to jump on a discord chat Mr Hand Grenade#6321
Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way
luketapBronze I
Hey CyberSharpe , I greatly appreciate your help! I've been stuck on this lab for weeks now.
I tried the method you outlined above and with GhatGPT's help with no luck. Would you mind attaching a screenshot of an example to guide me in the right direction?- CyberSharpe
luketapeach lab has a different learning objective or at least it felt that way. Which one are you doing and what is the main issue. I can then jump on that lab and attempt to assist. Removing the executing factors and running it as a new .ps1 can really help.
But there are also some really good deobs labs that can prelude this.- luketap
CyberSharpe Thank you for your quick reply!
Please disregard, I just solved it. I went back and cleaned up some syntax issues. Thank you for your help!
