Original Source & Inspiration: http://www.shellntel.com/blog/2015/9/16/powershell-cc-memory-scraper

* Non-resident credit card memory scraper, now improved the obfuscation technique using -EncodedCommand 
* One-liner PowerShell script/downloader essentially does its dirty work without any additional malware corpus on the host
* Great for penetration tests of various merchants or for PCI-DSS audit compliance

• ​​(1) Setup a server with the Memory Scraper download
• (2) Encode the PowerShell memory scraper using -EncodedCommand (Base64)
• (3) Allow execution of scripts on the host via powershell.exe Set-ExecutionPolicy Unrestricted
• (4) Execute the obfuscated script on the host​ that downloads the memory scraper and parses the memory process of notepad.exe for credit card Track1/2 data with Luhn algorithm

 -NoP -NonI -W Hidden -Enc 

Source: Python for Black Hat

I. tcp_client.py (base64-encoded exfiltrated data)
1. Create a socket object
2. Connect the client
3. Send some Base64-encoded data
4. Receive data response =
II. tcp_server.py 0.0.0.0:9999 (original and decoded)
1. Send something
2. Print out what the client sends
3. Send back a packet
4. Spin up our client thread to handle incoming data