Analysing meterpreter payload with Ghidra, (Fri, Mar 8th)

Yesterday I found a PowerShell script using urlscan.io which can be found. I didn’t (and still don’t) have any idea about the origins, being benign or malicious. Spoiler, it is (just) a meterpreter reverse-https payload being delivered using Metasploit’s Web Delivery.

Article Link: https://isc.sans.edu/diary/rss/24722