Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques. Authors: Daniel Bohannon (@danielhbohannon) Lee Holmes (@Lee_Homes) Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
A collaborative malware analysis framework with various features for automated analysis tasks.
PinCTF is a tool for using Intel's Pin Tool to instrument reverse engineering binaries and count instructions.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A tool designed to handle archive file data and augment Yara's capabilities.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.