I created a video showing how to de-obfuscate a DOSfuscated PowerShell command obtained from a maldoc I analyzed in diary entry "De-DOSfuscation Example": This is the obfuscated command: In the video, I rely mainly on my tool numbers-to-string to do the de-obfuscation.
Didier Stevens |
DidierStevens 533 Posts ISC Handler Dec 29th 2018 |
Thread locked Subscribe |
Dec 29th 2018 2 years ago |
Sign Up for Free or Log In to start participating in the conversation!