Forum Discussion

m1zt3rIL's avatar
m1zt3rIL
Icon for Bronze II rankBronze II
3 months ago

Powershell Deobsfuscation Ep.7

Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next th...
  • CyberSharpe's avatar
    2 months ago

    Firstly great detail. The last one seems like we've missed something.

    The easier thing to do with this lab is remove any way of detonating (removable of shell commands or IEX or Invoke expression and so on) and use powershell to return the data then pipe it to an 'Add-Content -Path command or > NewLayer1.ps1 and continue that way

    Happy to jump on a discord chat Mr Hand Grenade#6321 

    Honestly I learnt so much from this 12 days of Deobfs but there is also another Powershell Deobs that actually shows you how to do it... I wish I had of done that first but learnt so much this way