Revoke-Obfuscation v1.0

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.

Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Homes)

Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html

White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf

ALTERNATIVES

A tool for malware analysts to search through base64-encoded samples and generate yara rules.

A YARA module for searching strings inside zip files.

RABCDAsm is a collection of utilities for ActionScript 3 assembly/disassembly and SWF file manipulation.

A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.

Debugger and .NET assembly editor with advanced debugging features.

A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.

A multithreaded YARA scanner for incident response or malware zoos.

RetDec is a versatile machine-code decompiler with support for various file formats and architectures.