Command line obfuscation has proved to be a non-negligible factor in fileless malware and in malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are used in red-team penetration tests and even in APT activity. Meanwhile, numerous obfuscators (that is, tools that perform syntax transformations) have been open sourced, making it increasingly effortless to obfuscate a given command.
Flerken – Obfuscated Command Detection Tool
FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows (and Linux, for certain modes of operation). FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael Sikorski.
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries.
FLOSS – Automatically extract obfuscated strings from Malware
The objective of MISP is to foster the sharing of structured information within the security community and abroad.
MISP – Malware Information Sharing Platform and Threat Sharing