Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell, and it provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.

Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Holmes)
Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html
White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
SIMILAR TOOLS
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.
Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images with security and Python 2.7 deprecation notices.
A collection of resources for beginners to learn assembly language.
Repository of YARA rules for Trellix ATR blog posts and investigations.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.