GitHub Repo
Repo containing YARA, SIGMA and OpenIOC Rules
Downloads
-
Powershell String Format De-obfuscation Lucas Acha
This decoder, written in Python, works for malware variants that use obfuscation such as described here:
Example: string something = String.Format("{4}{2}{3}{1}{0}", "ion", "at", "fu", "sc", "ob");
To use, simply replace the content in flagindex and flaglist
Download
-
DOSfuscation Decoder 1 Lucas Acha
This decoder written in python works to decode cmd/bat file variables which use a custom "alphabet" as shown in this public sample:
Download
Example: set gevemcijbn=0.iR'x.GLbN872we)1sb"0/Nti gevemcijbn:~2,1%%gevemcijbn:~38,1%%gevemcijbn:~5,1%%
-
DOSfuscation Decoder 2 Lucas Acha
This decoder written in python works to decode cmd/bat file variables which use a custom "alphabet" as shown in this public sample:
Download
Example: set XMY=aKCCwqhCJrGjTzC7WfZ/N &&for %9 in (73;17;66;49;47;58;4;11;
-
Multibyte XOR Decoder Lucas Acha
This decoder was written for a CTF where there was a known text key for a multibyte xor encoded image file.
Download
# For multibyte text-based key
# xorkey.py -k
-f inputfile -o outputfile