base64_substring Logo

base64_substring

0
Free
Visit Website

The base64_substring tool helps malware analysts search through base64-encoded samples by enumerating all possible base64 encodings for a given search term and generating a yara rule that checks those possibilities. To run an example, generate a yara rule that matches a base64-encoded file containing the term 'Application' by using the provided script. Further reading: 'Searching for Content in Base-64 Strings' by Lee Holmes.

FEATURES

ALTERNATIVES

A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.

A tool that recovers passwords from pixelized screenshots

A write-up of the reverse engineering challenge from the 2019 BambooFox CTF competition

A javascript malware analysis tool with backend code execution.

YARA module for supporting DCSO format bloom filters with hashlookup capabilities.

Boomerang Decompiler is a machine code decompiler supporting various architectures and file formats, with a focus on high-level language output.

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

A Python library to interface with a cuckoo-modified instance.