This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 5.3 of In-Depth Malware Analysis
Six PowerShell obfuscation techniques with decode procedures, AMSI interception and bypass, Script Block Logging for automatic cleartext capture, de-obfuscation tools, and a four-step workflow.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
PSDecode — PowerShell De-obfuscation Tool
Python-based tool for iterative PowerShell de-obfuscation. Handles Base64, string concatenation, and compression layers.
CyberChef — Manual Decode Chains
Build a recipe for From Base64 → Gunzip to decode compressed PowerShell payloads. Add steps iteratively.
MITRE ATT&CK — Command and Scripting Interpreter: PowerShell (T1059.001)
ATT&CK technique for PowerShell abuse with obfuscation examples, detection guidance, and real-world procedure references.
Quadrant 4 · Self-Assessment
In-Depth Malware Analysis
Covers packed malware, manual unpacking, obfuscated PowerShell, fileless malware, code injection, API hooking, memory forensics with Volatility, sandbox analysis, and network signatures.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.