Back to Blogs

Announcing VMware Carbon Black Cloud Script Deobfuscation API

Posted on July 17, 2023

---

Script-based attacks are commonly used to gain entry into systems and to move laterally to inflict damage. The latest Script Deobfuscation API allows users to deobfuscate obfuscated PowerShell scripts. Deobfuscation increases an analyst’s efficiency when analyzing malicious scripts.

Use Cases

• Automatically deobfuscating PowerShell is not something that is generally and automatically available in industry.
• Deobfuscation of PowerShell opens the doors to understanding attackers better and faster than manually deobfuscating
• This API allows customers to automatically extract previously difficult information from a PowerShell script, and also deobfuscating and returning a more human readable version.

Note: This was initially released under the internal name Reveal and updated shortly after to Script Deobfuscation API.

More Information

• Script Deobfuscation API
• Carbon Black Cloud User Guide
• Postman Collection

Have questions or feedback?

• Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
• Report bugs and change requests to Carbon Black Support

• Subscribe to the Developer Network Newsletter