Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Video: De-DOSfuscation Example - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Video: De-DOSfuscation Example

I created a video showing how to de-obfuscate a DOSfuscated PowerShell command obtained from a maldoc I analyzed in diary entry "De-DOSfuscation Example":

This is the obfuscated command:

In the video, I rely mainly on my tool numbers-to-string to do the de-obfuscation.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

372 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!