
Revoke-Obfuscation v1.0


Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.

Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Homes)

Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html

White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf

ALTERNATIVES

Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.

An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.

One stop shop for decompiling Android apps with a focus on regenerating R references.

Microservice for scanning files with Yara

Guide on emulating Raspberry Pi with QEMU and exploring Arm TrustZone research.

A program to extract IOCs from text files using regular expressions

angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.

A Python script that converts shellcode into a PE32 or PE32+ file.
