Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Video: De-DOSfuscation Example - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Video: De-DOSfuscation Example

I created a video showing how to de-obfuscate a DOSfuscated PowerShell command obtained from a maldoc I analyzed in diary entry "De-DOSfuscation Example":

This is the obfuscated command:

In the video, I rely mainly on my tool numbers-to-string to do the de-obfuscation.


Didier Stevens
Senior handler
Microsoft MVP


386 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!