
Revoke-Obfuscation v1.0


Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.

Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Holmes)

Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html

White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf

FEATURES

ALTERNATIVES

KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.

OCaml wrapper for YARA matching engine for malware identification

Yara mode for GNU Emacs to edit Yara related files

Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.

A tool that reveals invisible links within JavaScript files

A Linux process injection tool that injects shellcode into a running process