[FEATURE] Executable on unobfuscating NAA
fatmeat opened this issue · 6 comments
Describe the solution you'd like
Hello Mayyhem, is it possible to release a separated executable on unobfuscating NAA policy?
I fail to complie the source code in my environment.
Hey @fatmeat! As of PR #28, deobfuscation of secret policies should happen automatically, but you can also use the DeobfuscateSecretString project within the SharpSCCM solution to deobfuscate the strings too. Does that answer your question? What errors does the compiler display when you try to build the solution?
I complied the DeobfuscateSecretString and feed it with HEX, but show "Error: The operation completed successfully."
May I know the exe need to run in same SCCM client?
@fatmeat , the exe for DeobfuscateSecretString does not need to be ran from a ConfigMgr client. Could you please paste redacted screenshots of the output of the commands you used to obtain the secret string you're trying to reverse and the output of DeobfuscateSecretString? If you'd like to send privately, please message me on the BloodHoundGang Slack. I'm @Mayyhem there too.