Powershell and DnSpy tricks in .NET reversing - AgentTesla [Part1]

Excellent piece of work !!! 👏

Great Work!!! Very Detailed and Learned a Alot!!!
Please keep posting such video and knowledge sharing.

Really helpful tricks 👍🏽

The best

HI, Can you help to reverse .net dll

when i put dll in dnspy it loads as PE

password for extraction files

Hi! Thanks for this awesome work. When I reproduce this project by myself, I meet a problem that I don't know how to resolve it. The question is the skill u introduce in this video that is something about how to invoke method defined as "private" via specifying "System.Reflection.BindingFlags". So I want to use this way to decode the stage1 base on the no patched file, But When I use "New-Object" to create a new target object, an error about the number of parameters is incorrect has occurred! So I check the "VandelaySplashScreen" parameter's number, I found that it is indeed 0 parameters in dnspy. So I don't know how to resolve it, can u help me!!!
The script is as follows:
$assembly = [System.Reflection.Assembly]::LoadFile("C:\Users\g0mx\Desktop\original_sample.bin")
$MapX = $assembly.GetType("VandelayHealthBenefits.VDObjects").GetField('MapX').GetValue($null)
$VandelaySplashScreen = $assembly.GetType("VandelayHealthBenefits.VandelaySplashScreen")
$my_VandelaySplashScreen = New-Object $VandelaySplashScreen
$deobfuscatedString_base64 = ($VandelaySplashScreen.GetMethod("GameLoop0",[System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance)).invoke($my_VandelaySplashScreen,$MapX)
$bytes = ($VandelaySplashScreen.GetMethod("A9283",[System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance)).invoke($my_VandelaySplashScreen,$deobfuscatedString_base64)
$bytes[0..250] | Format-Hex
I know this project has been over a long time, and I would appreciate it if you had time to help me resolve this problem!