I’m blown away by how many people enjoyed my first PowerShell reverse-engineering write-up! In fact, it was such a popular post that people were even sharing it with their work teams in order to learn new malware techniques being used by attackers! I’m thrilled that my post was useful, and I hope that it inspires others to give malware reversing a try.
After reading my write-up, a Twitter user named Chad got in touch with me and shared a couple other samples of PowerShell malware that his team had found. With those samples in hand, I went ahead and wrote a second PowerShell reverse-engineering guide for your enjoyment! (Thanks Chad!!)
This one wasn’t as obnoxious as the first, but it took advantage of some impressive techniques to execute a fileless binary payload. I hope you enjoy the write-up! As always, tell me what you think!