Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques. Authors: Daniel Bohannon (@danielhbohannon) Lee Holmes (@Lee_Homes) Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Code to prevent a managed .NET debugger/profiler from working.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A sandbox for quickly sandboxing known or unknown families of Android Malware
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.