{"id":19242020,"url":"https://github.com/alphaseclab/obfuscation-stuff","last_synced_at":"2026-01-27T11:02:10.421Z","repository":{"id":45588427,"uuid":"267036679","full_name":"alphaSeclab/obfuscation-stuff","owner":"alphaSeclab","description":"Source Code Obfuscation And Binary Obfuscation, Multiple Languages And Multiple Platforms. Including 250+ Tools and 600+ Posts","archived":false,"fork":false,"pushed_at":"2021-04-06T03:02:59.000Z","size":148,"stargazers_count":371,"open_issues_count":3,"forks_count":77,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-07-11T15:29:19.162Z","etag":null,"topics":["binary-obfuscation","de-obfuscate","de-obfuscation","obfuscate","obfuscation","source-code-obfuscation"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphaSeclab.png","metadata":{"files":{"readme":"Readme.md","changelog":"history/Obfuscate_20200526202549.json","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-26T12:28:10.000Z","updated_at":"2025-07-04T12:14:51.000Z","dependencies_parsed_at":"2022-09-06T17:10:09.914Z","dependency_job_id":null,"html_url":"https://github.com/alphaSeclab/obfuscation-stuff","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alphaSeclab/obfuscation-stuff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fobfuscation-stuff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fobfuscation-stuff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fobfuscation-stuff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fobfuscation-stuff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphaSeclab","download_url":"https://codeload.github.com/alphaSeclab/obfuscation-stuff/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fobfuscation-stuff/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28812367,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T07:41:26.337Z","status":"ssl_error","status_checked_at":"2026-01-27T07:41:08.776Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-obfuscation","de-obfuscate","de-obfuscation","obfuscate","obfuscation","source-code-obfuscation"],"created_at":"2024-11-09T17:13:10.917Z","updated_at":"2026-01-27T11:02:10.400Z","avatar_url":"https://github.com/alphaSeclab.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# [所有收集类项目](https://github.com/alphaSeclab/all-my-collection-repos)\n\n\n\n\n# Obfuscate\n\n\n- 源码混淆和二进制混淆，包括多种语言和多个平台。250+工具和600+文章\n- [English Version](https://github.com/alphaSeclab/obfuscation-stuff/blob/master/Readme_en.md)\n\n\n# 目录\n- [C/C++](#a2c94541e733dc4166fe521723fd7c6c)\n    - [advobfuscator](#fd70575410bcb9be603da4ba98a90d25) -\u003e  [(1)工具](#f1f170331704c576aae1e098f0536207) [(1)文章](#be4c569839c5a792ee8064cf719559f3)\n    - [(5) 工具](#1b245f51ff55d7555771f6f7fc898d9b)\n- [dotNet](#84c03c34128be291e0eb12ad0077d463)\n    - [de4dot](#c71a6f960ce8f44b0c57a702d37bc62e) -\u003e  [(2)工具](#bba0578aff98faeaa63a64270eeefd70) [(2)文章](#b8e2b8b6b8de8b1efeaa73615af96da9)\n    - [obfuscar](#ea08f203ed7f87206ebad95ca3839c9a) -\u003e  [(1)工具](#edf4e9a6332261c63567b43fb268170b)\n    - [confuserex](#cc94a1b81d3a80ae7b14dc89bc0099a1) -\u003e  [(3)工具](#99d1eb9438dc7041f9f3c8c295e8697c) [(6)文章](#872cfe60ef217b4f256f1a8cae75b76c)\n    - [(7) 工具](#ddbbfd6185056c550c66b7ebb96ff1e3)\n    - [(10) 文章](#61b574ca3dfbaad3735d0439ee178369)\n- [PowerShell](#30080561801b17f95ec33f3e9c55d207)\n    - [invoke-obfuscation](#cdbcb10be06d54ebf90abd82ff0c09a2) -\u003e  [(1)工具](#2da46403d168dd32c2e334a944ceab58) [(7)文章](#0d49b3282f2af5712568ec4c3eb5267b)\n    - [(9) 工具](#c3c5478b6d8cedce40ff35a282323b28)\n    - [(33) 文章](#8ff1250f3de2e32e3091204bccb98cb9)\n- [JavaScript](#577bc949bc0fe3b90ecb3a9c0b1c1ed5)\n    - [javascript-obfuscator](#ae1e799313605fde936a5df7fc840791) -\u003e  [(7)工具](#aaf0bc80064e2b45b47ea105845170eb)\n    - [baffle](#1c0dcabc5b79a2d8f4899a8e9ca2f36b) -\u003e  [(1)工具](#d15b1412b27cdc2c1e8500ea4f1c4349)\n    - [jstillery](#cd762c212e2232c1fd546ee849389e4c) -\u003e  [(1)工具](#349caa785e37967df92949298672c895)\n    - [(16) 工具](#2d5d6380eecf903466ebcaf5c05f19b8)\n    - [(64) 文章](#7b882dac0338cd3b78b1d2863dd61f4b)\n- [LLVM](#d4d25fcc4b3c99e23d0057b7b16b9c31)\n    - [obfuscator](#85d98a2a3d190ff4a881fb9fee756981) -\u003e  [(7)工具](#d7e2adf8a51047f3d3cfa9ba79917cd5)\n    - [armariris](#245340b4b00837dba6574ffb7b30fbbd) -\u003e  [(1)工具](#b2c0d5760dc0d1049ea3c9f19b8e421c) [(1)文章](#76c686c5eff38ffc4ac7cdc7de5a3e53)\n    - [tigress](#6b9473302b708b7d1d113da799f07caa) -\u003e  [(1)工具](#7bef6a80765d31fd23f41c83b88fdfbe)\n    - [(10) 工具](#9769f77c9be1d1a84c70892ed86a1b69)\n    - [(18) 文章](#f6d3af2c0d95023e3bb1136dc15f1760)\n- [Shellcode](#0328c02993be94615d01d76523e36181) -\u003e  [(6)工具](#b5e505df69ad535815bc8de542a3de1d) [(7)文章](#51bac3d27fdaecd233193017ce3d4d63)\n- [Bash](#c8158811d160a448a6e6a6882f0264de)\n    - [bashfuscator](#f389d3f7f415b93580a50575af01fc6e) -\u003e  [(1)工具](#206537811e24bd1f3cd8b6500a27fb6b) [(1)文章](#7ee0b9cda87c045044c9dfa652d0ffb6)\n    - [(2) 工具](#3e62e2c37b74248c36b27d9c4aec23b7)\n    - [(3) 文章](#cb790718e94e549a264a6fa6b5c4bfa6)\n- [PHP](#f9bf00d928effb18d2a237b5b2e3d5be)\n    - [php-obfuscator](#c53e3f5adb0a0312666a2b0a75afc0a7) -\u003e  [(1)工具](#7b9b1b71da2ba028093266e3a5e13f1d)\n    - [yakpro-po](#bd9e590d98dbbad1ba3e1578fb60ac17) -\u003e  [(1)工具](#74c2beb1b94aa72829a9eef190c0448b)\n    - [optimus](#531f45736bfe4f930def4c40029af8d8) -\u003e  [(2)工具](#5fa6b1a17d15dacdd357631f392762de)\n    - [(11) 工具](#3b5533d8ba7e27c1cae2993919aca8a2)\n    - [(9) 文章](#b340e8a1c2de74fb198271d3a14e962f)\n- [Go](#3ef488c941a5684f3336975b7df1d9b7)\n    - [gobfuscate](#3ba2cf7fe57eaa3a81129e99e70fd77b) -\u003e  [(1)工具](#09d794248c8032a5baf2e26147bf78cf)\n    - [(1) 工具](#33c1998f141ab7b059ee273fec12f0f7)\n- [Office](#2c434d33f0dc3e0b8291a1173d4c863a)\n    - [macro_pack](#a675e8b1cf8bafb2abf40ffe1cda6130) -\u003e  [(1)工具](#6695a309cb7dd5c8819776479c0a729f) [(4)文章](#e132b5a30c0eaf8dad0103b5e17dbb54)\n    - [maliciousmacrogenerator](#393c2d829a1a1edfb7c804373b8b27d6) -\u003e  [(1)工具](#f9882cc1b17c8003597d7ea53306f505)\n    - [(2) 工具](#57f22eded50566be7e5f37c260f42c58)\n    - [(16) 文章](#e03c9dba02b3d4e48678bc865877f3c1)\n- [Python](#c8be8cbc9e92418ec4eb91a15608969f)\n    - [pyminifier](#96c7873e76e7825abcea18eeafdc2afa) -\u003e  [(1)工具](#6037ed842fe61659d01d8d32a1a9170b)\n    - [pyarmor](#bab1b5a63fc4e3e2379fad4f45653ef4) -\u003e  [(1)工具](#153179ac6f717a249d21dbba08571bba)\n    - [neopi](#710ad15004534cfe5f939655e055b3df) -\u003e  [(1)工具](#fe2b5593a8909ffd901de8cb9861a149) [(2)文章](#4a4963766e96524479d6da2fafc75602)\n    - [intensio-obfuscator](#00354d933f4c483d011b1a891e4765c6) -\u003e  [(1)工具](#4db25e79c2c40899d30dbf80d1731c40) [(1)文章](#22a022e9e7d4d4e2f1cee842b1ae8586)\n    - [(15) 工具](#b2d59d57c43592a88b115dfb8cc41eb4)\n    - [(10) 文章](#eab89cedf1706e7fa90dc6530899c968)\n- [Android](#4169178cfbac7e4e03c182600d58d40e)\n    - [simplify](#263fb2577d8c578768f677ca34d517bd) -\u003e  [(1)工具](#98a46d73a2511e58cf348049e1c33e5f)\n    - [(14) 工具](#5c67e3ac71ff94cd820ed382f96d359f)\n    - [(36) 文章](#b8bd64107751a6e271414bd1db39dad1)\n- [Apple](#beb0e19614fb8044452ae90b74138f2d)\n    - [stcobfuscator](#c9bdd398b84c5ddfede6e2b1a78492aa) -\u003e  [(1)工具](#61ba58d5e151bbeabb078767f437dff5)\n    - [(13) 工具](#5c8857ae3e654bd79d8257595e05e229)\n    - [(11) 文章](#e9ed9f70cf4150a9f8eb4c2983ea4f6d)\n- [Java](#8a996fdcd6ee02c19fd55b09fcd7f9c0)\n    - [nullproguard](#96942f90fddd05d4c70ce45a3b3cafb7) -\u003e  [(1)工具](#23fb4af31b14c09156b20c85f7d05953)\n    - [(12) 工具](#77ab5d96e4ca64cb5913c61540baa0a6)\n    - [(11) 文章](#85a8cd8871da13161f05993c1029e867)\n- [CMD](#193bfef38cb82179a6115c52799286fa)\n    - [invoke-dosfuscation](#63a2b1b7b26fa06579654d2e39cc2f33) -\u003e  [(1)工具](#9d707b82be5392b16016bfee435f8bf6) [(2)文章](#0b5910871dcca88d837fed60e2de27b1)\n    - [(1) 文章](#0738123add9a88b1b717696ad5e3dee5)\n- [其他](#978ec8680ae0965ce50c6948e6c740fa)\n    - [flare-floss](#3df7c00560baca22e97aa3842646f208) -\u003e  [(1)工具](#da84308c817371ee9a7168afd8c08879) [(1)文章](#524722c4a4090595c6aeb0e245793c2b)\n    - [demovfuscator](#816c07719bc43d5fbdb096c357fa52cd) -\u003e  [(1)工具](#be0c014ea3736628b4f9278b5291ac41)\n    - [hexraysdeob](#c9354b20e62e3781b0e194d7ac7b2b1a) -\u003e  [(2)工具](#25deb9c341c4f5d5b2c165f85bdc7cb8)\n    - [callobfuscator](#a5243005269510c9270b86faaaa708f0) -\u003e  [(1)工具](#1aac846077f425c1c6d557d9b0e9e3b0)\n- [恶意代码](#ac6cc2eb18f961bdbfb16151e1f9f686) -\u003e  [(83)文章](#1006f3d956b3a62601532cccb9ef1f8d)\n- [新添加-混淆](#48905dbcdd16a4b3ca77dc0193723720) -\u003e  [(78)工具](#40f09a7bfb3cb928c2f912aa6634c775) [(262)文章](#d90fb43c51f97711585f6906a045de96)\n- [新添加-反混淆](#b3551c683c83f36d15d84d207f2b1c9b) -\u003e  [(33)工具](#ac795f859fb0f410e2fbda2ef60f407f) [(43)文章](#6b28f0c3d5bfab275e21b6e943063a17)\n\n\n# \u003ca id=\"a2c94541e733dc4166fe521723fd7c6c\"\u003e\u003c/a\u003eC/C++\n\n\n***\n\n\n## \u003ca id=\"fd70575410bcb9be603da4ba98a90d25\"\u003e\u003c/a\u003eadvobfuscator\n\n\n### \u003ca id=\"f1f170331704c576aae1e098f0536207\"\u003e\u003c/a\u003e工具\n\n\n- [**551**星][13d] [C++] [andrivet/advobfuscator](https://github.com/andrivet/advobfuscator) Obfuscation library based on C++11/14 and metaprogramming\n\n\n### \u003ca id=\"be4c569839c5a792ee8064cf719559f3\"\u003e\u003c/a\u003e文章\n\n\n- 2019.10 [vkremez] [Let's Learn: Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution: \"snowman\" \u0026 ADVObfuscator](https://www.vkremez.com/2019/10/lets-learn-dissecting-lazarus-windows.html)\n\n\n\n\n***\n\n\n## \u003ca id=\"1b245f51ff55d7555771f6f7fc898d9b\"\u003e\u003c/a\u003e工具\n\n\n- [**303**星][4y] [C++] [kgretzky/obfusion](https://github.com/kgretzky/obfusion) bfusion - C++ X86 Code Obfuscation Library\n- [**182**星][12d] [C++] [fritzone/obfy](https://github.com/fritzone/obfy) A tiny C++ obfuscation framework\n- [**130**星][2y] [C++] [urshadow/stringobfuscator](https://github.com/urshadow/stringobfuscator) Compile-time string obfuscation (C++14)\n- [**126**星][6m] [C++] [adamyaxley/obfuscate](https://github.com/adamyaxley/obfuscate) Guaranteed compile-time string literal obfuscation header-only library for C++14\n- [**39**星][3y] [Assembly] [macmade/obfuscate](https://github.com/macmade/obfuscate) C/C++ machine code obfuscation.\n\n\n# \u003ca id=\"84c03c34128be291e0eb12ad0077d463\"\u003e\u003c/a\u003edotNet\n\n\n***\n\n\n## \u003ca id=\"c71a6f960ce8f44b0c57a702d37bc62e\"\u003e\u003c/a\u003ede4dot\n\n\n### \u003ca id=\"bba0578aff98faeaa63a64270eeefd70\"\u003e\u003c/a\u003e工具\n\n\n- [**4114**星][12d] [C#] [0xd4d/de4dot](https://github.com/0xd4d/de4dot) .NET 反混淆和脱壳\n- [**256**星][18d] [C#] [brianhama/de4dot](https://github.com/brianhama/de4dot) .NET deobfuscator and unpacker.\n\n\n### \u003ca id=\"b8e2b8b6b8de8b1efeaa73615af96da9\"\u003e\u003c/a\u003e文章\n\n\n- 2018.01 [MalwareAnalysisForHedgehogs] [Malware Analysis - When De4dot fails, Removing Anti Tamper from NullShield](https://www.youtube.com/watch?v=1RNcZpBLZHs)\n- 2018.01 [MalwareAnalysisForHedgehogs] [Malware Analysis - Deobfuscating .NET Assemblies with De4Dot](https://www.youtube.com/watch?v=0DV1bhnnOyM)\n\n\n\n\n***\n\n\n## \u003ca id=\"ea08f203ed7f87206ebad95ca3839c9a\"\u003e\u003c/a\u003eobfuscar\n\n\n### \u003ca id=\"edf4e9a6332261c63567b43fb268170b\"\u003e\u003c/a\u003e工具\n\n\n- [**811**星][12d] [C#] [obfuscar/obfuscar](https://github.com/obfuscar/obfuscar) Open source obfuscation tool for .NET assemblies\n\n\n\n\n***\n\n\n## \u003ca id=\"cc94a1b81d3a80ae7b14dc89bc0099a1\"\u003e\u003c/a\u003econfuserex\n\n\n### \u003ca id=\"99d1eb9438dc7041f9f3c8c295e8697c\"\u003e\u003c/a\u003e工具\n\n\n- [**312**星][13d] [C#] [xenocoderce/neo-confuserex](https://github.com/xenocoderce/neo-confuserex) Updated ConfuserEX, an open-source, free obfuscator for .NET applications\n- [**207**星][4m] [C#] [bedthegod/confuserex-mod-by-bed](https://github.com/bedthegod/confuserex-mod-by-bed) Beds Protector | Best free obfuscation out right now\n- [**196**星][4y] [C#] [codeshark-dev/nofuserex](https://github.com/codeshark-dev/nofuserex) Free deobfuscator for ConfuserEx.\n\n\n### \u003ca id=\"872cfe60ef217b4f256f1a8cae75b76c\"\u003e\u003c/a\u003e文章\n\n\n- 2019.08 [markmotig] [I am loving ConfuserEx/Neo-ConfuserEx for C# obfuscation](https://medium.com/p/eb7d7eb0e4d1)\n- 2019.08 [markmotig] [Neo-ConfuserEX the successor of ConfuserEX for obfuscation](https://medium.com/p/b8a208aff923)\n- 2019.08 [markmotig] [Quick Introduction to ConfuserEX](https://medium.com/p/ce373553138f)\n- 2017.12 [360] [Recam终极版：如何一步步脱掉ConfuserEx保护壳（下）](https://www.anquanke.com/post/id/90174/)\n- 2017.12 [360] [Recam终极版：如何一步步脱掉ConfuserEx保护壳（上）](https://www.anquanke.com/post/id/89730/)\n- 2017.12 [talosintelligence] [脱自定义 ConfuserEx 壳, 分析其 Payload](http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html)\n\n\n\n\n***\n\n\n## \u003ca id=\"ddbbfd6185056c550c66b7ebb96ff1e3\"\u003e\u003c/a\u003e工具\n\n\n- [**131**星][2y] [C#] [xenocoderce/noisette-obfuscator](https://github.com/xenocoderce/noisette-obfuscator) An Obfuscator for .NET assembly\n- [**73**星][16d] [C#] [holly-hacker/dnspy.extension.holly](https://github.com/holly-hacker/dnspy.extension.holly) A dnSpy extension to aid reversing of obfuscated assemblies\n- [**47**星][5m] [rustemsoft/skater-.net-obfuscator](https://github.com/rustemsoft/skater-.net-obfuscator) 一个用于.net代码保护的混淆工具\n- [**37**星][2y] [C#] [codeofdark/panda-obfuscator](https://github.com/codeofdark/panda-obfuscator) PandaObfuscator an simple Obfuscator, free, OpenSource for .Net Applications\n- [**24**星][4y] [C#] [tum-i22/vot4cs](https://github.com/tum-i22/vot4cs) C#虚拟化混淆工具\n- [**19**星][4m] [C#] [dentrax/z00bfuscator](https://github.com/dentrax/z00bfuscator) Z00bfuscator is the simple, open-source, cross-platform obfuscator for .NET Assemblies built on .NET Core\n- [**None**星][notprab/.net-deobfuscator](https://github.com/notprab/.net-deobfuscator) Lists of .NET Deobfuscator and Unpacker (Open Source)\n\n\n***\n\n\n## \u003ca id=\"61b574ca3dfbaad3735d0439ee178369\"\u003e\u003c/a\u003e文章\n\n\n- 2016.12 [securityblog] [Open source .NET deobfuscator and unpacker](http://securityblog.gr/3883/open-source-net-deobfuscator-and-unpacker/)\n- 2013.11 [digitaloperatives] [Programmatic String Deobfuscation in .NET Malware](https://www.digitaloperatives.com/2013/11/27/programmatic-string-deobfuscation-in-net-malware/)\n- 2013.11 [digitaloperatives] [Programmatic String Deobfuscation in .NET Malware](https://digitaloperatives.blogspot.com/2013/11/DotNet-String-Deobfuscation.html)\n- 2013.10 [forcepoint] [PHP.net compromised, serving up obfuscated content](https://www.forcepoint.com/blog/security-labs/phpnet-compromised-serving-obfuscated-content)\n- 2013.04 [pediy] [[翻译].NET混淆器Dotfuscator的五大看点](https://bbs.pediy.com/thread-168353.htm)\n- 2013.03 [pediy] [[原创].Net 下的混淆器作用原理](https://bbs.pediy.com/thread-163781.htm)\n- 2010.09 [pediy] [[原创]DotNet混淆后程序的破解](https://bbs.pediy.com/thread-120805.htm)\n- 2006.12 [pediy] [从reflector实现看.net的混淆与反混淆技术[原创]](https://bbs.pediy.com/thread-37217.htm)\n- 2006.11 [pediy] [[原创]数据结构在.net反流程混淆中的应用[看雪学院2006金秋读书季]](https://bbs.pediy.com/thread-34505.htm)\n- 2004.10 [sans] [Microsoft ASP.NET vulnerability, URL obfuscation, more MD5](https://isc.sans.edu/forums/diary/Microsoft+ASPNET+vulnerability+URL+obfuscation+more+MD5/329/)\n\n\n# \u003ca id=\"30080561801b17f95ec33f3e9c55d207\"\u003e\u003c/a\u003ePowerShell\n\n\n***\n\n\n## \u003ca id=\"cdbcb10be06d54ebf90abd82ff0c09a2\"\u003e\u003c/a\u003einvoke-obfuscation\n\n\n### \u003ca id=\"2da46403d168dd32c2e334a944ceab58\"\u003e\u003c/a\u003e工具\n\n\n- [**1450**星][1y] [PS] [danielbohannon/invoke-obfuscation](https://github.com/danielbohannon/invoke-obfuscation) PowerShell Obfuscator\n\n\n### \u003ca id=\"0d49b3282f2af5712568ec4c3eb5267b\"\u003e\u003c/a\u003e文章\n\n\n- 2018.08 [cqureacademy] [Going Undercover With Invoke-Obfuscation](https://cqureacademy.com/blog/penetration-testing/invoke-obfuscation)\n- 2017.12 [danielbohannon] [The Invoke-Obfuscation Usage Guide :: Part 2](http://www.danielbohannon.com/blog-1/2017/12/2/the-invoke-obfuscation-usage-guide-part-2)\n- 2017.12 [danielbohannon] [Invoke-Obfuscation 使用指南(Part 1)](http://www.danielbohannon.com/blog-1/2017/12/2/the-invoke-obfuscation-usage-guide)\n- 2017.11 [pcsxcetrasupport3] [De-obfuscating a PowerShell Script Obfuscated by Invoke-Obfuscation](https://pcsxcetrasupport3.wordpress.com/2017/11/11/de-obfuscating-a-powershell-script-obfuscated-by-invoke-obfuscation/)\n- 2017.01 [trustedsec] [TrustedSec Security Podcast Ep: 2.5 – Mirai, Rudy Cyber head, ransomware, Invoke-Obfuscation and more!](https://www.trustedsec.com/2017/01/trustedsec-security-podcast-ep-2-5-mirai-rudy-cyber-head-ransomware-invoke-obfuscation/)\n- 2016.10 [danielbohannon] [Invoke-Obfuscation v1.1 (coming Sunday, Oct 9)](http://www.danielbohannon.com/blog-1/2016/10/1/invoke-obfuscation-v11-release-sunday-oct-9)\n- 2016.09 [danielbohannon] [Invoke-Obfuscation :: Public Release](http://www.danielbohannon.com/blog-1/2016/9/25/invoke-obfuscation-public-release)\n\n\n\n\n***\n\n\n## \u003ca id=\"c3c5478b6d8cedce40ff35a282323b28\"\u003e\u003c/a\u003e工具\n\n\n- [**505**星][2y] [PS] [danielbohannon/invoke-cradlecrafter](https://github.com/danielbohannon/invoke-cradlecrafter) PowerShell Remote Download Cradle Generator \u0026 Obfuscator\n- [**451**星][2y] [PS] [danielbohannon/revoke-obfuscation](https://github.com/danielbohannon/revoke-obfuscation) PowerShell Obfuscation Detection Framework\n- [**204**星][5m] [PS] [r3mrum/psdecode](https://github.com/r3mrum/psdecode) PowerShell script for deobfuscating encoded PowerShell scripts\n- [**143**星][4m] [Py] [cbhue/pyfuscation](https://github.com/cbhue/pyfuscation) Obfuscate powershell scripts by replacing Function names, Variables and Parameters.\n- [**89**星][3y] [PS] [danielbohannon/out-fincodedcommand](https://github.com/danielbohannon/out-fincodedcommand) POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities\n- [**42**星][11d] [Py] [cwolff411/powerob](https://github.com/cwolff411/powerob) An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.\n- [**13**星][6m] [PS] [gh0x0st/invoke-psobfuscation](https://github.com/gh0x0st/invoke-psobfuscation) A Red and Blue team introduction into PowerShell obfuscation\n- [**3**星][1y] [Py] [3nc0d/powershell-obfuscator](https://github.com/3nc0d/powershell-obfuscator) Powerful script for logical obfuscation of powershell scripts\n- [**1**星][11m] [Py] [secureyourself7/powershell_code_basic_obfuscation](https://github.com/secureyourself7/powershell_code_basic_obfuscation) Simple PowerShell Script Code Obfuscator written in Python\n\n\n***\n\n\n## \u003ca id=\"8ff1250f3de2e32e3091204bccb98cb9\"\u003e\u003c/a\u003e文章\n\n\n- 2019.11 [freebuf] [分析银行木马的恶意快捷方式及混淆的Powershell](https://www.freebuf.com/articles/network/215898.html)\n- 2019.11 [4hou] [Unit42发布powershell自动反混淆工具](https://www.4hou.com/tools/21411.html)\n- 2019.10 [HackersOnBoard] [Black Hat USA 2017 Revoke Obfuscation PowerShell Obfuscation Detection And Evasion Using Science](https://www.youtube.com/watch?v=7gBkczIWvUo)\n- 2019.07 [PowerShellConferenceEU] [Daniel Bohannon - PesterSec: Using Pester \u0026 ScriptAnalyzer to Detect Obfuscated PowerShell](https://www.youtube.com/watch?v=qYgCLzBaVaw)\n- 2019.06 [beny] [Weaponization: Howto Fully Undetectable Empire Powershell MS macro (VBA obfuscation \u0026 Stomping)](https://www.peerlyst.com/posts/weaponization-howto-fully-undetectable-empire-powershell-ms-macro-vba-obfuscation-and-stomping-beny-bertin)\n- 2019.04 [arxiv] [[1904.10270] PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware](https://arxiv.org/abs/1904.10270)\n- 2019.03 [xednaps] [WannaMine dropper – Powershell Obfuscation](https://www.xednaps.com/2019/03/26/wannamine-dropper-powershell-obfuscation/)\n- 2019.02 [4hou] [Powershell混淆——使用安全字符串](http://www.4hou.com/technology/13672.html)\n- 2019.01 [sans] [\"Invoke Obfuscation: PowerShell obFUsk8tion Techniques \u0026 How To (Try To) D\"\"e'Tec'T 'Th'+'em' \"](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1492186586.pdf)\n- 2018.12 [4hou] [尝试根据字符频度检测Powershell混淆](http://www.4hou.com/web/15163.html)\n- 2018.11 [yoroi] [Dissecting the Mindscrew-Powershell Obfuscation](https://blog.yoroi.company/research/dissecting-the-mindscrew-powershell-obfuscation/)\n- 2018.11 [pediy] [[翻译]Powershell 代码反混淆技术研究](https://bbs.pediy.com/thread-248034.htm)\n- 2018.10 [aliyun] [反混淆powershell](https://xz.aliyun.com/t/2923)\n- 2018.10 [endgame] [Deobfuscating PowerShell: Putting the Toothpaste Back in the Tube](https://www.endgame.com/blog/technical-blog/deobfuscating-powershell-putting-toothpaste-back-tube)\n- 2018.08 [aliyun] [反混淆Emotet powershell payload](https://xz.aliyun.com/t/2517)\n- 2018.08 [360] [解混淆Emotet powershell payload](https://www.anquanke.com/post/id/153537/)\n- 2018.06 [PowerShellConferenceEU] [Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science - Daniel Bohannon](https://www.youtube.com/watch?v=UVbbpZiYnTs)\n- 2018.02 [dissectmalware] [Obfuscated PowerShell Script 2 – Emotet](https://dissectmalware.wordpress.com/2018/02/24/obfuscated-powershell-script-2-emotet/)\n- 2017.12 [4hou] [PSAmsi：四两拨千斤实现PowerShell代码混淆隐藏](http://www.4hou.com/penetration/8915.html)\n- 2017.12 [4hou] [基于AST抽象语法树的PowerShell代码混淆技术](http://www.4hou.com/penetration/9002.html)\n- 2017.11 [360] [基于抽象语法树的PowerShell混淆技术](https://www.anquanke.com/post/id/87329/)\n- 2017.11 [cobbr] [AbstractSyntaxTree-Based PowerShell Obfuscation](https://cobbr.io/AbstractSyntaxTree-Based-PowerShell-Obfuscation.html)\n- 2017.09 [jaapbrasser] [Decipher obfuscated URLs with PowerShell](https://www.jaapbrasser.com/decipher-obfuscated-urls-with-powershell/)\n- 2017.09 [softscheck] [Deobfuscating VBA \u0026 PowerShell Scripts of an Emotet Trojan Downloader](https://www.softscheck.com/en/deobfuscating-vba-powershell-scripts-of-an-emotet-trojan-downloader/)\n- 2017.08 [360] [根据powershell语言的特性来混淆代码的方法与原理](https://www.anquanke.com/post/id/86637/)\n- 2017.08 [n0where] [PowerShell Obfuscation Detection Framework: Revoke-Obfuscation](https://n0where.net/powershell-obfuscation-detection-framework-revoke-obfuscation)\n- 2017.07 [fireeye] [Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science](https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html)\n- 2017.06 [] [无文件应用程序白名单绕过以及 Powershell 混淆](https://4n6ir.com/2017/06/21/fileless-application-whitelist-bypass-and-powershell-obfuscation/)\n- 2017.06 [mikefrobbins] [Simple Obfuscation with PowerShell using Base64 Encoding](http://mikefrobbins.com/2017/06/15/simple-obfuscation-with-powershell-using-base64-encoding/)\n- 2017.06 [freebuf] [Powershell编码与混淆](http://www.freebuf.com/sectool/136328.html)\n- 2017.04 [cobbr] [Trying to Detect PowerShell Obfuscation Through Character Frequency](https://cobbr.io/ObfuscationDetection.html)\n- 2017.03 [danielbohannon] [PowerShell执行参数混淆](http://www.danielbohannon.com/blog-1/2017/3/12/powershell-execution-argument-obfuscation-how-it-can-make-detection-easier)\n- 2017.03 [cobbr] [ObfuscatedEmpire - Use an obfuscated, in-memory PowerShell C2 channel to evade AV signatures](https://cobbr.io/ObfuscatedEmpire.html)\n\n\n# \u003ca id=\"577bc949bc0fe3b90ecb3a9c0b1c1ed5\"\u003e\u003c/a\u003eJavaScript\n\n\n***\n\n\n## \u003ca id=\"ae1e799313605fde936a5df7fc840791\"\u003e\u003c/a\u003ejavascript-obfuscator\n\n\n### \u003ca id=\"aaf0bc80064e2b45b47ea105845170eb\"\u003e\u003c/a\u003e工具\n\n\n- [**4393**星][12d] [TS] [javascript-obfuscator/javascript-obfuscator](https://github.com/javascript-obfuscator/javascript-obfuscator) 一个强大的JavaScript和Node.js模糊器，包含为源代码提供保护的各种特性\n- [**355**星][9d] [TS] [javascript-obfuscator/webpack-obfuscator](https://github.com/javascript-obfuscator/webpack-obfuscator) javascript-obfuscator plugin for Webpack\n- [**107**星][4m] [JS] [javascript-obfuscator/javascript-obfuscator-ui](https://github.com/javascript-obfuscator/javascript-obfuscator-ui) A web UI to the JavaScript Obfuscator node.js package.\n- [**70**星][1m] [JS] [javascript-obfuscator/gulp-javascript-obfuscator](https://github.com/javascript-obfuscator/gulp-javascript-obfuscator) Gulp plugin for javascript-obfuscator package.\n- [**40**星][12d] [JS] [javascript-obfuscator/obfuscator-loader](https://github.com/javascript-obfuscator/obfuscator-loader) A webpack loader for obfuscating single modules using javascript-obfuscator\n- [**33**星][8m] [JS] [tomasz-oponowicz/grunt-javascript-obfuscator](https://github.com/tomasz-oponowicz/grunt-javascript-obfuscator) Obfuscates JavaScript files using amazing javascript-obfuscator.\n- [**16**星][4m] [JS] [javascript-obfuscator/grunt-contrib-obfuscator](https://github.com/javascript-obfuscator/grunt-contrib-obfuscator) Grunt plugin for the javascript-obfuscator package.\n\n\n\n\n***\n\n\n## \u003ca id=\"1c0dcabc5b79a2d8f4899a8e9ca2f36b\"\u003e\u003c/a\u003ebaffle\n\n\n### \u003ca id=\"d15b1412b27cdc2c1e8500ea4f1c4349\"\u003e\u003c/a\u003e工具\n\n\n- [**1665**星][3y] [JS] [camwiegert/baffle](https://github.com/camwiegert/baffle) 一个用于混淆和显示DOM元素中的文本的小型javascript库。\n\n\n\n\n***\n\n\n## \u003ca id=\"cd762c212e2232c1fd546ee849389e4c\"\u003e\u003c/a\u003ejstillery\n\n\n### \u003ca id=\"349caa785e37967df92949298672c895\"\u003e\u003c/a\u003e工具\n\n\n- [**530**星][1y] [JS] [mindedsecurity/jstillery](https://github.com/mindedsecurity/jstillery) Advanced JavaScript Deobfuscation via Partial Evaluation\n\n\n\n\n***\n\n\n## \u003ca id=\"2d5d6380eecf903466ebcaf5c05f19b8\"\u003e\u003c/a\u003e工具\n\n\n- [**314**星][10m] [JS] [hynekpetrak/malware-jail](https://github.com/hynekpetrak/malware-jail) 半自动Javascript恶意软件分析的沙箱，去混淆和Payload提取\n- [**269**星][12d] [JS] [lelinhtinh/de4js](https://github.com/lelinhtinh/de4js) JavaScript Deobfuscator and Unpacker\n- [**207**星][30d] [JS] [chichou/etacsufbo](https://github.com/chichou/etacsufbo) 基于 AST 变换的简易 Javascript 反混淆辅助工具\n- [**85**星][29d] [JS] [rapid7/jsobfu](https://github.com/rapid7/jsobfu) Obfuscate JavaScript (beyond repair) with Ruby\n- [**83**星][4m] [JS] [zswang/jfogs](https://github.com/zswang/jfogs) JavaScript Obfuscator\n- [**79**星][5m] [HTML] [szimeus/evalyzer](https://github.com/szimeus/evalyzer) Using WinDBG to tap into JavaScript and help with deobfuscation and browser exploit detection\n- [**73**星][17d] [TS] [geeksonsecurity/illuminatejs](https://github.com/geeksonsecurity/illuminatejs) IlluminateJs is a static JavaScript deobfuscator\n- [**40**星][14d] [JS] [anseki/gnirts](https://github.com/anseki/gnirts) Obfuscate string literals in JavaScript code.\n- [**35**星][7m] [PHP] [propaganistas/email-obfuscator](https://github.com/propaganistas/email-obfuscator) A text filter for automatic email obfuscation using the well-established Javascript and a CSS fallback:\n- [**26**星][1y] [JS] [alexhorn/defendjs](https://github.com/alexhorn/defendjs) A free and open source JavaScript and Node.js obfuscator.\n- [**26**星][4m] [Py] [aurore54f/jast](https://github.com/aurore54f/jast) Syntactic detection of malicious (obfuscated) JavaScript files\n- [**23**星][1y] [JS] [veggiedefender/marveloptics_malware](https://github.com/veggiedefender/marveloptics_malware) Deobfuscated + reverse engineered javascript malware\n- [**10**星][7y] [Py] [lucianogiuseppe/js-auto-deobfuscator](https://github.com/lucianogiuseppe/js-auto-deobfuscator) JSADO automatically deobfuscates javascript scripts which use eval or some other function\n- [**2**星][8m] [Haskell] [prate658/hajas](https://github.com/prate658/hajas) JavaScript deobfuscator\n- [**2**星][3m] [JS] [filipemgs/poisonjs](https://github.com/filipemgs/poisonjs) PoisonJS - De-obfuscate eval-based JavaScript obfuscation with monkey-patched eval(-like) functions.\n- [**1**星][2y] [JS] [enzou/javascript2img_decoder](https://github.com/enzou/javascript2img_decoder) Decoder for JavaScript code which was obfuscated by JavaScript2img\n\n\n***\n\n\n## \u003ca id=\"7b882dac0338cd3b78b1d2863dd61f4b\"\u003e\u003c/a\u003e文章\n\n\n- 2019.09 [antoinevastel] [Benchmarking our JavaScript obfuscator](https://antoinevastel.com/javascript/2019/09/10/benchmarking-obfuscator.html)\n- 2019.09 [antoinevastel] [Improving our homemade JavaScript obfuscator](https://antoinevastel.com/javascript/2019/09/09/improving-obfuscator.html)\n- 2019.09 [antoinevastel] [A simple homemade JavaScript obfuscator](https://antoinevastel.com/javascript/2019/09/04/home-made-obfuscator.html)\n- 2019.09 [bromium] [Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader](https://www.bromium.com/deobfuscating-ostap-trickbots-javascript-downloader/)\n- 2019.08 [SecurityWeekly] [Deobfuscating JavaScript to Investigate Phishing Domains - PSW #617](https://www.youtube.com/watch?v=e0Dd0znmNas)\n- 2019.04 [freebuf] [如何使用JavaScript混淆来躲避AV](https://www.freebuf.com/articles/web/199060.html)\n- 2019.04 [netsparker] [Announcing the Deobfuscating JavaScript White Paper](https://www.netsparker.com/blog/web-security/announcing-deobfuscating-javascript-white-paper/)\n- 2019.03 [360] [恶意代码使用JavaScript混淆规避反病毒程序](https://www.anquanke.com/post/id/172984/)\n- 2019.03 [yoroi] [Evading AV with JavaScript Obfuscation](https://blog.yoroi.company/research/evading-av-with-javascript-obfuscation/)\n- 2019.01 [fuzzysecurity] [Angler EK JavaScript Deobfuscation: The Emperor Has No Clothes](http://fuzzysecurity.com/tutorials/22.html)\n- 2018.10 [sucuri] [Obfuscated JavaScript Cryptominer](https://blog.sucuri.net/2018/10/obfuscated-javascript-cryptominer.html)\n- 2018.04 [pediy] [[翻译]通过Javascript中的CFI实现混淆阻止解密分析](https://bbs.pediy.com/thread-225748.htm)\n- 2017.07 [freebuf] [从javascript脚本混淆说起](http://www.freebuf.com/articles/system/140062.html)\n- 2017.06 [vkremez] [\"Amazon Order Cancelled\": Weight Loss Spam Campaign via Obfuscated JavaScript](https://www.vkremez.com/2017/06/amazon-order-cancelled-weight-loss-spam.html)\n- 2017.05 [netskope] [Obfuscated Javascript Malware using Cloud Services](https://www.netskope.com/blog/obfuscated-javascript-malware-using-cloud-services/)\n- 2017.05 [intrinsec] [Malware : désobfuscation d’un Javascript encodé](https://securite.intrinsec.com/2017/05/16/exercice-de-desobfuscation-dun-jse-par-le-cert-intrinsec/)\n- 2017.04 [ColinHardy] [Emotet JavaScript dropper deobfuscation and analysis](https://www.youtube.com/watch?v=13rX3cLUHhU)\n- 2017.03 [sans] [Nicely Obfuscated JavaScript Sample ](https://isc.sans.edu/forums/diary/Nicely+Obfuscated+JavaScript+Sample/22227/)\n- 2017.02 [metabrik] [Deobfuscate JavaScript from the command line made easy](https://www.metabrik.org/blog/2017/02/14/deobfuscate-javascript-from-the-command-line-made-easy/)\n- 2017.01 [CodeColoristX] [一例简易静态 Javascript 反混淆](https://blog.chichou.me/%E4%B8%80%E4%BE%8B%E7%AE%80%E6%98%93%E9%9D%99%E6%80%81-javascript-%E5%8F%8D%E6%B7%B7%E6%B7%86-d856f6e5a9b4)\n- 2016.11 [netskope] [Manually Deobfuscating Strings Obfuscated in Malicious JavaScript Code](https://www.netskope.com/blog/manually-deobfuscating-strings-obfuscated-malicious-javascript-code/)\n- 2016.08 [sans] [Spam with Obfuscated Javascript](https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/)\n- 2016.07 [doyler] [JavaScript Deobfuscation (ABCTF2016 – JS Pls)](https://www.doyler.net/security-not-included/javascript-deobfuscation-abctf)\n- 2016.06 [] [Automatically deobfuscate eval packed javascript with node.js](https://medium.com/p/664af9c2d62)\n- 2016.06 [mcafee] [Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/)\n- 2016.06 [mcafee] [Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript](https://securingtomorrow.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/)\n- 2016.05 [jeffsoh] [Excellent Manual Javascript Deobfuscation Walk through](http://jeffsoh.blogspot.com/2016/05/excellent-manual-javascript.html)\n- 2016.05 [theevilbit] [JavaScript deobfuscation: criminal case against you.wsf](http://theevilbit.blogspot.com/2016/05/javascript-deobfuscation-criminal-case.html)\n- 2016.03 [freebuf] [技术分享：几种常见的JavaScript混淆和反混淆工具分析实战](http://www.freebuf.com/articles/web/97945.html)\n- 2016.02 [jeffsoh] [JavaScript Deobfuscation Update](http://jeffsoh.blogspot.com/2016/02/javascript-deobfuscation-update.html)\n- 2016.02 [sans] [Locky: JavaScript Deobfuscation](https://isc.sans.edu/forums/diary/Locky+JavaScript+Deobfuscation/20749/)\n- 2016.02 [sans] [More Malicious JavaScript Obfuscation](https://isc.sans.edu/forums/diary/More+Malicious+JavaScript+Obfuscation/20703/)\n- 2016.01 [sans] [JavaScript Deobfuscation Tool](https://isc.sans.edu/forums/diary/JavaScript+Deobfuscation+Tool/20619/)\n- 2016.01 [360] [Javascript Deobfuscator：JavaScript反混淆工具更新](https://www.anquanke.com/post/id/83275/)\n- 2015.12 [] [estools 辅助反混淆 Javascript](http://www.91ri.org/14876.html)\n- 2015.09 [trustwave] [Lessons in Spam JavaScript Obfuscation Layers](https://www.trustwave.com/Resources/SpiderLabs-Blog/Lessons-in-Spam-JavaScript-Obfuscation-Layers/)\n- 2015.08 [knownsec] [使用 estools 辅助反混淆 Javascript](http://blog.knownsec.com/2015/08/use-estools-aid-deobfuscate-javascript/)\n- 2013.09 [pwndizzle] [How not to Obfuscate your Javascript](http://pwndizzle.blogspot.com/2013/09/how-not-to-obfuscate-your-javascript.html)\n- 2013.02 [jeffsoh] [JavaScript Deobfuscation](http://jeffsoh.blogspot.com/2013/02/javascript-deobfuscation.html)\n- 2012.10 [defensecode] [Diving into recent 0day Javascript obfuscations](http://blog.defensecode.com/2012/10/diving-into-recent-0day-javascript.html)\n- 2012.09 [techyzilla] [Better Javascript Obfuscating Method To Protect Your Code](https://techyzilla.blogspot.com/2012/09/better-javascript-obfuscating-method-to-protect-your-code.html)\n- 2012.07 [jeffsoh] [JavaScript unescape obfuscated code](http://jeffsoh.blogspot.com/2012/07/javascript-unescape-obfuscated-code.html)\n- 2012.06 [sans] [Using JSDetox to Analyze and Deobfuscate Javascript](https://isc.sans.edu/forums/diary/Using+JSDetox+to+Analyze+and+Deobfuscate+Javascript/13558/)\n- 2012.04 [hiddenillusion] [Deobfuscating JavaScript with Malzilla](http://hiddenillusion.blogspot.com/2012/04/deobfuscating-javascript-with-malzilla.html)\n- 2012.04 [sans] [Blacole's obfuscated JavaScript](https://isc.sans.edu/forums/diary/Blacoles+obfuscated+JavaScript/13051/)\n- 2012.03 [sans] [Phishing with obfuscated javascript, shellcode and malware](https://isc.sans.edu/forums/diary/Phishing+with+obfuscated+javascript+shellcode+and+malware/12700/)\n- 2012.01 [sans] [The tale of obfuscated JavaScript continues](https://isc.sans.edu/forums/diary/The+tale+of+obfuscated+JavaScript+continues/12313/)\n- 2011.12 [sans] [V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation](https://isc.sans.edu/forums/diary/V8+as+an+Alternative+to+SpiderMonkey+for+JavaScript+Deobfuscation/12157/)\n- 2011.07 [rapid7] [Javascript Obfuscation in Metasploit](https://blog.rapid7.com/2011/07/08/jsobfu/)\n- 2011.03 [talosintelligence] [Attack Obfuscation - Not Just For JavaScript](https://blog.talosintelligence.com/2011/03/attack-obfuscation-not-just-for.html)\n- 2010.12 [talosintelligence] [Detecting Obfuscated Malicious JavaScript with Snort and Razorback](https://blog.talosintelligence.com/2010/12/detecting-obfuscated-malicious.html)\n- 2010.09 [kkotowicz] [Creating, obfuscating and analyzing malware JavaScript](https://www.slideshare.net/kkotowicz/owaspmaliciousjavascripten)\n- 2010.06 [trustedsec] [Anti-Virus Evasion through JavaScript Obfuscation](https://www.trustedsec.com/2010/06/anti-virus-evasion-through-javascript-obfuscation/)\n- 2010.04 [forcepoint] [Multi-layer Obfuscated JavaScript Using Twitter API](https://www.forcepoint.com/blog/security-labs/multi-layer-obfuscated-javascript-using-twitter-api)\n- 2010.04 [sans] [JavaScript obfuscation in PDF: Sky is the limit](https://isc.sans.edu/forums/diary/JavaScript+obfuscation+in+PDF+Sky+is+the+limit/8587/)\n- 2009.05 [talosintelligence] [Gumblar and More On Javascript Obfuscation](https://blog.talosintelligence.com/2009/05/gumblar-and-more-on-javascript.html)\n- 2009.04 [sans] [Advanced JavaScript obfuscation (or why signature scanning is a failure)](https://isc.sans.edu/forums/diary/Advanced+JavaScript+obfuscation+or+why+signature+scanning+is+a+failure/6142/)\n- 2009.02 [talosintelligence] [Detecting Silly Javascript Obfuscation Techniques](https://blog.talosintelligence.com/2009/02/detecting-silly-javascript-obfuscation.html)\n- 2008.07 [sans] [Obfuscated JavaScript Redux](https://isc.sans.edu/forums/diary/Obfuscated+JavaScript+Redux/4724/)\n- 2008.04 [sans] [Advanced obfuscated JavaScript analysis](https://isc.sans.edu/forums/diary/Advanced+obfuscated+JavaScript+analysis/4246/)\n- 2008.04 [sans] [Mixed (VBScript and JavaScript) obfuscation](https://isc.sans.edu/forums/diary/Mixed+VBScript+and+JavaScript+obfuscation/4231/)\n- 2007.10 [sans] [Deobfuscating javascript](https://isc.sans.edu/forums/diary/Deobfuscating+javascript/3484/)\n- 2007.08 [sans] [Raising the bar: dynamic JavaScript obfuscation](https://isc.sans.edu/forums/diary/Raising+the+bar+dynamic+JavaScript+obfuscation/3219/)\n- 2006.07 [sans] [Browser *does* matter, not only for vulnerabilities - a story on JavaScript deobfuscation](https://isc.sans.edu/forums/diary/Browser+does+matter+not+only+for+vulnerabilities+a+story+on+JavaScript+deobfuscation/1519/)\n\n\n# \u003ca id=\"d4d25fcc4b3c99e23d0057b7b16b9c31\"\u003e\u003c/a\u003eLLVM\n\n\n***\n\n\n## \u003ca id=\"85d98a2a3d190ff4a881fb9fee756981\"\u003e\u003c/a\u003eobfuscator\n\n\n### \u003ca id=\"d7e2adf8a51047f3d3cfa9ba79917cd5\"\u003e\u003c/a\u003e工具\n\n\n- [**2113**星][12d] [obfuscator-llvm/obfuscator](https://github.com/obfuscator-llvm/obfuscator) Obfuscator-LLVM \n- [**1182**星][4m] [hikariobfuscator/hikari](https://github.com/HikariObfuscator/Hikari) LLVM Obfuscator\n- [**249**星][12d] [Py] [rpisec/llvm-deobfuscator](https://github.com/rpisec/llvm-deobfuscator) Performs the inverse operation of the control flow flattening pass performed by LLVM-Obfuscator\n- [**71**星][12d] [C++] [qtfreet00/llvm-obfuscator](https://github.com/qtfreet00/llvm-obfuscator) ollvm based on llvm 5.0 release\n- [**39**星][6m] [Shell] [lawliet89/llvm-obfuscator](https://github.com/lawliet89/llvm-obfuscator) LLVM Obfuscator\n- [**32**星][4m] [C++] [exorxw/kylin-llvm-obfuscator](https://github.com/exorxw/kylin-llvm-obfuscator) based on llvm 5.0.1 release with ollvm\n- [**28**星][19d] [C++] [tsarpaul/llvm-string-obfuscator](https://github.com/tsarpaul/llvm-string-obfuscator) LLVM String Obfuscator\n\n\n\n\n***\n\n\n## \u003ca id=\"245340b4b00837dba6574ffb7b30fbbd\"\u003e\u003c/a\u003earmariris\n\n\n### \u003ca id=\"b2c0d5760dc0d1049ea3c9f19b8e421c\"\u003e\u003c/a\u003e工具\n\n\n- [**691**星][12m] [C++] [gossip-sjtu/armariris](https://github.com/gossip-sjtu/armariris) 由上海交通大学密码与计算机安全实验室维护的LLVM混淆框架\n\n\n### \u003ca id=\"76c686c5eff38ffc4ac7cdc7de5a3e53\"\u003e\u003c/a\u003e文章\n\n\n- 2019.06 [360] [使用unicorn engin还原Armariris字符串混淆](https://www.anquanke.com/post/id/181051/)\n\n\n\n\n***\n\n\n## \u003ca id=\"6b9473302b708b7d1d113da799f07caa\"\u003e\u003c/a\u003etigress\n\n\n### \u003ca id=\"7bef6a80765d31fd23f41c83b88fdfbe\"\u003e\u003c/a\u003e工具\n\n\n- [**475**星][7m] [LLVM] [jonathansalwan/tigress_protection](https://github.com/jonathansalwan/tigress_protection) Playing with the Tigress binary protection. Break some of its protections and solve some of its challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.\n\n\n\n\n***\n\n\n## \u003ca id=\"9769f77c9be1d1a84c70892ed86a1b69\"\u003e\u003c/a\u003e工具\n\n\n- [**199**星][4y] [Py] [f8left/decllvm](https://github.com/f8left/decllvm) IDA plugin for OLLVM analysis\n- [**178**星][11d] [Py] [amimo/ollvm-breaker](https://github.com/amimo/ollvm-breaker) 使用Binary Ninja去除ollvm流程平坦混淆\n- [**158**星][6y] [C] [fuzion24/androidobfuscation-ndk](https://github.com/fuzion24/androidobfuscation-ndk) Example of obfuscating an Android NDK project using O-LLVM\n- [**101**星][12d] [amimo/goron](https://github.com/amimo/goron) Yet another llvm based obfuscator\n- [**52**星][4m] [Py] [sfwishes/ollvm_de_fla](https://github.com/sfwishes/ollvm_de_fla) deobfuscation ollvm's fla\n- [**29**星][15d] [C++] [allocandinit/ollvm5.0.1](https://github.com/allocandinit/ollvm5.0.1) obfuscator 基于 llvm 5.0.1 版本\n- [**16**星][1m] [Py] [get1t/deollvm64](https://github.com/get1t/deollvm64) deobfuscator llvm arm64 script\n- [**14**星][15d] [Shell] [nickdiego/docker-ollvm](https://github.com/nickdiego/docker-ollvm) Easily build and package Obfuscator-LLVM into Android NDK.\n- [**10**星][2m] [Py] [get1t/deollvm](https://github.com/get1t/deollvm) deollvm arm64 based unicorn\n- [**None**星][Py] [maiyao1988/deobf](https://github.com/maiyao1988/deobf) An arm32 ollvm like deofuscator,aim to remove obfuscation made by ollvm like compiler\n\n\n***\n\n\n## \u003ca id=\"f6d3af2c0d95023e3bb1136dc15f1760\"\u003e\u003c/a\u003e文章\n\n\n- 2019.11 [aliyun] [使用IDA microcode去除ollvm混淆(下)](https://xz.aliyun.com/t/6795)\n- 2019.11 [zimperium] [SATURN Software deobfuscation framework based on LLVM](https://blog.zimperium.com/saturn-software-deobfuscation-framework-based-on-llvm/)\n- 2019.11 [aliyun] [使用IDA microcode去除ollvm混淆(上)](https://xz.aliyun.com/t/6749)\n- 2019.09 [quarkslab] [Obfuscating Java bytecode with LLVM and Epona](https://blog.quarkslab.com/obfuscating-java-bytecode-with-llvm-and-epona.html)\n- 2019.08 [mediacccde] [LO! An LLVM Obfuscator - deutsche Übersetzung](https://www.youtube.com/watch?v=VJL4MvYB-Qw)\n- 2019.08 [mediacccde] [LO! An LLVM Obfuscator](https://www.youtube.com/watch?v=k1UfE6Bp5Ck)\n- 2019.08 [BornHack] [BornHack 2019 - Klondike - LO! An LLVM Obfuscator](https://www.youtube.com/watch?v=CoZGtwBSwlg)\n- 2019.05 [SecurityFest] [Calle Svensson - Software Obfuscation with LLVM - SecurityFest 2019](https://www.youtube.com/watch?v=bQpPdT7RDqQ)\n- 2019.01 [pediy] [[原创]ollvm字符混淆修复](https://bbs.pediy.com/thread-249071.htm)\n- 2018.10 [pediy] [[原创] obfuscator-llvm-3.6.1 的 VS2017 win32 修正编译](https://bbs.pediy.com/thread-247231.htm)\n- 2018.04 [pediy] [[原创]ollvm快速学习](https://bbs.pediy.com/thread-225756.htm)\n- 2018.02 [pediy] [[翻译]LLVM代码混淆分析及逻辑还原](https://bbs.pediy.com/thread-224484.htm)\n- 2017.07 [360] [为OLLVM添加字符串混淆功能](https://www.anquanke.com/post/id/86384/)\n- 2017.05 [pediy] [[原创]ollvm的混淆反混淆和定制修改](https://bbs.pediy.com/thread-217727.htm)\n- 2017.03 [freebuf] [反混淆：恢复被OLLVM保护的程序](http://www.freebuf.com/articles/terminal/130142.html)\n- 2016.07 [pediy] [基于LLVM IR的源代码混淆的实现](https://bbs.pediy.com/thread-211717.htm)\n- 2015.05 [yurichev] [16-May-2015: Tweaking LLVM Obfuscator + quick look into some of LLVM internals.](https://yurichev.com/blog/llvm/)\n- 2014.12 [quarkslab] [Deobfuscation: recovering an OLLVM-protected program](https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html)\n\n\n# \u003ca id=\"0328c02993be94615d01d76523e36181\"\u003e\u003c/a\u003eShellcode\n\n\n***\n\n\n## \u003ca id=\"b5e505df69ad535815bc8de542a3de1d\"\u003e\u003c/a\u003e工具\n\n\n- [**506**星][21d] [Py] [zdresearch/owasp-zsc](https://github.com/zdresearch/OWASP-ZSC) Shellcode/混淆代码生成器\n- [**195**星][2y] [Py] [mr-un1k0d3r/unibyav](https://github.com/mr-un1k0d3r/unibyav)  a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly.\n- [**148**星][4y] [Py] [kgretzky/python-x86-obfuscator](https://github.com/kgretzky/python-x86-obfuscator) This is a **WIP** tool that performs shellcode obfuscation in x86 instruction set.\n- [**45**星][20d] [Py] [eteissonniere/elidecode](https://github.com/ETeissonniere/EliDecode) The tool to decode obfuscated shellcodes using the unicorn and capstone engine\n- [**44**星][4m] [Py] [offsecginger/pythonaesobfuscate](https://github.com/offsecginger/pythonaesobfuscate) Obfuscates a Python Script and the accompanying Shellcode.\n- [**13**星][4m] [C++] [hoodoer/enneos](https://github.com/hoodoer/enneos) Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.\n\n\n***\n\n\n## \u003ca id=\"51bac3d27fdaecd233193017ce3d4d63\"\u003e\u003c/a\u003e文章\n\n\n- 2020.04 [morphisec] [Lokibot with AutoIt Obfuscator + Frenchy Shellcode](https://blog.morphisec.com/lokibot-with-autoit-obfuscator-frenchy-shellcode)\n- 2017.08 [zerosum0x0] [在线版 混淆字符串/Shellcode 生成器](https://zerosum0x0.blogspot.com/2017/08/obfuscatedencrypted-cc-online-string.html)\n- 2017.02 [csyssec] [X86 Shellcode代码混淆(一)](http://www.csyssec.org/20170223/obfuscation1/)\n- 2016.06 [breakdev] [X86 Shellcode Obfuscation - Part 3](https://breakdev.org/x86-shellcode-obfuscation-part-3/)\n- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 2](https://breakdev.org/x86-shellcode-obfuscation-part-2/)\n- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 1](https://breakdev.org/x86-shellcode-obfuscation-part-1/)\n- 2014.03 [zairon] [Obfuscated shellcode inside a malicious RTF document](https://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/)\n\n\n# \u003ca id=\"c8158811d160a448a6e6a6882f0264de\"\u003e\u003c/a\u003eBash\n\n\n***\n\n\n## \u003ca id=\"f389d3f7f415b93580a50575af01fc6e\"\u003e\u003c/a\u003ebashfuscator\n\n\n### \u003ca id=\"206537811e24bd1f3cd8b6500a27fb6b\"\u003e\u003c/a\u003e工具\n\n\n- [**495**星][8m] [Py] [bashfuscator/bashfuscator](https://github.com/bashfuscator/bashfuscator) 一个完全可配置和可扩展的Bash混淆框架。\n\n\n### \u003ca id=\"7ee0b9cda87c045044c9dfa652d0ffb6\"\u003e\u003c/a\u003e文章\n\n\n- 2018.12 [0x00sec] [Yes, Bash Can Get Uglier: Introducing Bashfuscator, A Bash Obfuscation Framework](https://0x00sec.org/t/yes-bash-can-get-uglier-introducing-bashfuscator-a-bash-obfuscation-framework/10216/)\n\n\n\n\n***\n\n\n## \u003ca id=\"3e62e2c37b74248c36b27d9c4aec23b7\"\u003e\u003c/a\u003e工具\n\n\n- [**80**星][9m] [PHP] [rizer0/blind-bash](https://github.com/rizer0/blind-bash) Obfuscate your Bash Code\n- [**19**星][2m] [JS] [willshiao/node-bash-obfuscate](https://github.com/willshiao/node-bash-obfuscate) A Node.js CLI tool and library to heavily obfuscate bash scripts.\n\n\n***\n\n\n## \u003ca id=\"cb790718e94e549a264a6fa6b5c4bfa6\"\u003e\u003c/a\u003e文章\n\n\n- 2018.11 [ironcastle] [Obfuscated bash script targeting QNap boxes, (Mon, Nov 26th)](https://www.ironcastle.net/obfuscated-bash-script-targeting-qnap-boxes-mon-nov-26th/)\n- 2018.11 [sans] [Obfuscated bash script targeting QNap boxes](https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/)\n- 2014.10 [f5] [Shellshock: Malicious Bash, Obfuscated perlb0t, Echo Probes, and More](https://f5.com/labs/articles/threat-intelligence/malware/shellshock-malicious-bash-obfuscated-perlb0t-echo-probes-and-more-22438)\n\n\n# \u003ca id=\"f9bf00d928effb18d2a237b5b2e3d5be\"\u003e\u003c/a\u003ePHP\n\n\n***\n\n\n## \u003ca id=\"c53e3f5adb0a0312666a2b0a75afc0a7\"\u003e\u003c/a\u003ephp-obfuscator\n\n\n### \u003ca id=\"7b9b1b71da2ba028093266e3a5e13f1d\"\u003e\u003c/a\u003e工具\n\n\n- [**417**星][4m] [PHP] [naneau/php-obfuscator](https://github.com/naneau/php-obfuscator) A parsing PHP obfuscator\n\n\n\n\n***\n\n\n## \u003ca id=\"bd9e590d98dbbad1ba3e1578fb60ac17\"\u003e\u003c/a\u003eyakpro-po\n\n\n### \u003ca id=\"74c2beb1b94aa72829a9eef190c0448b\"\u003e\u003c/a\u003e工具\n\n\n- [**551**星][9d] [PHP] [pk-fr/yakpro-po](https://github.com/pk-fr/yakpro-po) YAK Pro - Php Obfuscator\n\n\n\n\n***\n\n\n## \u003ca id=\"531f45736bfe4f930def4c40029af8d8\"\u003e\u003c/a\u003eoptimus\n\n\n### \u003ca id=\"5fa6b1a17d15dacdd357631f392762de\"\u003e\u003c/a\u003e工具\n\n\n- [**1001**星][12d] [PHP] [jenssegers/optimus](https://github.com/jenssegers/optimus) 根据Knuth的整数散列将内部id转换为模糊整数。它类似于hashid，但将生成整数而不是随机字符串。它也非常快\n- [**100**星][4m] [PHP] [cybercog/laravel-optimus](https://github.com/cybercog/laravel-optimus) Transform your internal id's to obfuscated integers based on Knuth's integer hash. Laravel wrapper for the Optimus Library by Jens Segers with multiple connections support.\n\n\n\n\n***\n\n\n## \u003ca id=\"3b5533d8ba7e27c1cae2993919aca8a2\"\u003e\u003c/a\u003e工具\n\n\n- [**96**星][4m] [PHP] [ph-7/obfuscator-class](https://github.com/ph-7/obfuscator-class) Simple and effective Obfuscator PHP class (this is not a stupid base64 encoding script, but a real and effective obfuscation script)\n- [**72**星][18d] [PHP] [bediger4000/php-malware-analysis](https://github.com/bediger4000/php-malware-analysis) Deobfuscation and analysis of PHP malware captured by a WordPress honey pot\n- [**70**星][3y] [Py] [antelox/fopo-php-deobfuscator](https://github.com/antelox/fopo-php-deobfuscator) A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator -\n- [**49**星][5m] [PHP] [bediger4000/reverse-php-malware](https://github.com/bediger4000/reverse-php-malware) De-obfuscate and reverse engineer PHP malware\n- [**25**星][1m] [Py] [zigzag2050/mzphp2-deobfuscator](https://github.com/zigzag2050/mzphp2-deobfuscator) A de-obfuscate tool for code generated by mzphp2. 用于解混淆mzphp2加密的php文件的工具。\n- [**22**星][5m] [coldev/coldevprolayer](https://github.com/coldev/coldevprolayer) Protect your PHP code with obfuscation and encryption\n- [**18**星][3m] [PHP] [darsyn/obfuscator](https://github.com/darsyn/obfuscator) Obfuscate PHP source files with basic XOR encryption in userland code at runtime.\n- [**12**星][1m] [PHP] [ammarfaizi2/php-integral-obfuscator](https://github.com/ammarfaizi2/php-integral-obfuscator) PHP Integral Obfuscator\n- [**10**星][4y] [PHP] [k0u5uk3/obfuscated-php-webshell-detector](https://github.com/k0u5uk3/obfuscated-php-webshell-detector) obfuscated-php-webshell-detector - Detect PHP Webshell in obfusucation\n- [**10**星][12m] [PHP] [th1k404/unishell](https://github.com/th1k404/unishell) A piece of php webshell which are using khmer unicode and yak obfuscator to be undetectable and silently.\n- [**9**星][1m] [PHP] [simon816/phpdeobfuscator](https://github.com/simon816/phpdeobfuscator) Advanced PHP deobfuscator\n\n\n***\n\n\n## \u003ca id=\"b340e8a1c2de74fb198271d3a14e962f\"\u003e\u003c/a\u003e文章\n\n\n- 2020.03 [aliyun] [开发简单的PHP混淆器与解混淆器](https://xz.aliyun.com/t/7363)\n- 2019.08 [0x00sec] [Reverse Obfuscated PHP Code](https://0x00sec.org/t/reverse-obfuscated-php-code/15459)\n- 2019.05 [detectify] [How-to Tutorial: PHP Webshell De-Obfuscation](https://labs.detectify.com/2019/05/24/how-to-tutorial-php-webshell-de-obfuscation/)\n- 2014.07 [coder] [PHP script deobfuscation for dummies](https://coder.pub/2014/07/php-script-deobfuscation-for-dummies/)\n- 2012.05 [freebuf] [php的代码混淆工具-carbylamine](http://www.freebuf.com/sectool/1606.html)\n- 2012.01 [coder] [PHP script deobfuscation for dummies](https://kaimi.io/en/2012/01/php-script-deobfuscation-for-dummies/)\n- 2010.11 [e] [php code obfuscator](http://e-omidfar.blogspot.com/2010/11/php-code-obfuscator.html)\n- 2010.04 [coder] [PHP Obfuscator by dx](https://coder.pub/2010/04/php-obfuscator-by-dx/)\n- 2009.06 [gamelinux] [Obfuscating php code with base64](https://gamelinux.wordpress.com/2009/06/23/obfuscating-php-code-with-base64/)\n\n\n# \u003ca id=\"3ef488c941a5684f3336975b7df1d9b7\"\u003e\u003c/a\u003eGo\n\n\n***\n\n\n## \u003ca id=\"3ba2cf7fe57eaa3a81129e99e70fd77b\"\u003e\u003c/a\u003egobfuscate\n\n\n### \u003ca id=\"09d794248c8032a5baf2e26147bf78cf\"\u003e\u003c/a\u003e工具\n\n\n- [**404**星][11d] [Go] [unixpickle/gobfuscate](https://github.com/unixpickle/gobfuscate) Obfuscate Go binaries and packages\n\n\n\n\n***\n\n\n## \u003ca id=\"33c1998f141ab7b059ee273fec12f0f7\"\u003e\u003c/a\u003e工具\n\n\n- [**201**星][13d] [Go] [mvdan/garble](https://github.com/mvdan/garble) Obfuscate Go builds\n\n\n# \u003ca id=\"2c434d33f0dc3e0b8291a1173d4c863a\"\u003e\u003c/a\u003eOffice\n\n\n***\n\n\n## \u003ca id=\"a675e8b1cf8bafb2abf40ffe1cda6130\"\u003e\u003c/a\u003emacro_pack\n\n\n### \u003ca id=\"6695a309cb7dd5c8819776479c0a729f\"\u003e\u003c/a\u003e工具\n\n\n- [**817**星][15d] [Py] [sevagas/macro_pack](https://github.com/sevagas/macro_pack) 自动生成并混淆MS 文档, 用于渗透测试、演示、社会工程评估等\n\n\n### \u003ca id=\"e132b5a30c0eaf8dad0103b5e17dbb54\"\u003e\u003c/a\u003e文章\n\n\n- 2019.09 [freebuf] [Macro_Pack中的宏代码混淆方法分析](https://www.freebuf.com/sectool/211592.html)\n- 2019.08 [4hou] [Macro_Pack中的宏代码混淆方法分析](https://www.4hou.com/info/news/19640.html)\n- 2018.05 [freebuf] [Macro_Pack：一款用于自动化混淆和生成Office文档等文件格式的工具](http://www.freebuf.com/sectool/170695.html)\n- 2017.12 [n0where] [Automatize Obfuscation and Generation of MS Office Documents: macro_pack](https://n0where.net/automatize-obfuscation-and-generation-of-ms-office-documents-macro_pack)\n\n\n\n\n***\n\n\n## \u003ca id=\"393c2d829a1a1edfb7c804373b8b27d6\"\u003e\u003c/a\u003emaliciousmacrogenerator\n\n\n### \u003ca id=\"f9882cc1b17c8003597d7ea53306f505\"\u003e\u003c/a\u003e工具\n\n\n- [**524**星][1y] [Visual Basic .NET] [mr-un1k0d3r/maliciousmacrogenerator](https://github.com/mr-un1k0d3r/maliciousmacrogenerator) 生成混淆的宏，可进行AV /沙箱逃逸\n\n\n\n\n***\n\n\n## \u003ca id=\"57f22eded50566be7e5f37c260f42c58\"\u003e\u003c/a\u003e工具\n\n\n- [**355**星][3y] [Py] [pepitoh/vbad](https://github.com/pepitoh/vbad) VBA Obfuscation Tools combined with an MS office document generator\n- [**29**星][8d] [Py] [bonnetn/vba-obfuscator](https://github.com/bonnetn/vba-obfuscator) 2018 School project - PoC of malware code obfuscation in Word macros\n\n\n***\n\n\n## \u003ca id=\"e03c9dba02b3d4e48678bc865877f3c1\"\u003e\u003c/a\u003e文章\n\n\n- 2020.02 [rootshell] [[SANS ISC] Simple but Efficient VBScript Obfuscation](https://blog.rootshell.be/2020/02/22/sans-isc-simple-but-efficient-vbscript-obfuscation/)\n- 2020.01 [freebuf] [Office控件钓鱼：混淆拼接篇](https://www.freebuf.com/articles/es/224347.html)\n- 2019.09 [dylankatz] [Deobfuscating And Analyzing A Vbs Dropper](https://dylankatz.com/deobfuscating-and-analyzing-a-vbs-dropper/)\n- 2018.11 [ironcastle] [ViperMonkey: VBA maldoc deobfuscation, (Mon, Nov 26th)](https://www.ironcastle.net/vipermonkey-vba-maldoc-deobfuscation-mon-nov-26th/)\n- 2018.08 [cofense] [Recent Geodo Malware Campaigns Feature Heavily Obfuscated Macros](https://cofense.com/recent-geodo-malware-campaigns-feature-heavily-obfuscated-macros/)\n- 2018.08 [ColinHardy] [Analysing Obfuscated VBA - Extracting indicators from a Trickbot downloader](https://www.youtube.com/watch?v=auB7mkwfHrk)\n- 2017.12 [sans] [Microsoft Office VBA Macro Obfuscation via Metadata](https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/)\n- 2017.07 [sans] [A VBScript with Obfuscated Base64 Data](https://isc.sans.edu/forums/diary/A+VBScript+with+Obfuscated+Base64+Data/22590/)\n- 2017.05 [malwaretracker] [恶意 Office 文档使用基于EPS 的混淆技术，躲避检测](http://blog.malwaretracker.com/2017/05/eps-obfuscation-for-ms-office-exploits.html)\n- 2016.10 [cysinfo] [Cyber Security with Amit Malik – Episode 2 – Macro Code De-obfuscation using Vbscript Debugger](https://cysinfo.com/cyber-security-amit-malik-episode-2-macro-code-de-obfuscation-using-vbscript-debugger/)\n- 2016.04 [mcafee] [Macro Malware Employs Advanced Obfuscation to Avoid Detection](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-employs-advanced-obfuscation-to-avoid-detection/)\n- 2016.04 [mcafee] [Macro Malware Employs Advanced Obfuscation to Avoid Detection](https://securingtomorrow.mcafee.com/mcafee-labs/macro-malware-employs-advanced-obfuscation-to-avoid-detection/)\n- 2016.02 [malwarebytes] [De-obfuscating malicious Vbscripts](https://blog.malwarebytes.com/cybercrime/2016/02/de-obfuscating-malicious-vbscripts/)\n- 2014.08 [securelist] [Obfuscated malicious office documents adopted by cybercriminals around the world](https://securelist.com/obfuscated-malicious-office-documents-adopted-by-cybercriminals-around-the-world/65414/)\n- 2013.09 [pwndizzle] [How not to Obfuscate your VBScript](http://pwndizzle.blogspot.com/2013/09/how-not-to-obfuscate-your-malware.html)\n- 2007.09 [sans] [Deobfuscating VBScript](https://isc.sans.edu/forums/diary/Deobfuscating+VBScript/3351/)\n\n\n# \u003ca id=\"c8be8cbc9e92418ec4eb91a15608969f\"\u003e\u003c/a\u003ePython\n\n\n***\n\n\n## \u003ca id=\"96c7873e76e7825abcea18eeafdc2afa\"\u003e\u003c/a\u003epyminifier\n\n\n### \u003ca id=\"6037ed842fe61659d01d8d32a1a9170b\"\u003e\u003c/a\u003e工具\n\n\n- [**912**星][4m] [Py] [liftoff/pyminifier](https://github.com/liftoff/pyminifier) Pyminifier is a Python code minifier, obfuscator, and compressor.\n\n\n\n\n***\n\n\n## \u003ca id=\"bab1b5a63fc4e3e2379fad4f45653ef4\"\u003e\u003c/a\u003epyarmor\n\n\n### \u003ca id=\"153179ac6f717a249d21dbba08571bba\"\u003e\u003c/a\u003e工具\n\n\n- [**449**星][4m] [Py] [dashingsoft/pyarmor](https://github.com/dashingsoft/pyarmor) A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.\n\n\n\n\n***\n\n\n## \u003ca id=\"710ad15004534cfe5f939655e055b3df\"\u003e\u003c/a\u003eneopi\n\n\n### \u003ca id=\"fe2b5593a8909ffd901de8cb9861a149\"\u003e\u003c/a\u003e工具\n\n\n- [**348**星][6y] [Py] [neohapsis/neopi](https://github.com/neohapsis/neopi) a Python script that uses a variety of statistical methods to detect obfuscated and encrypted content within text/script files\n\n\n### \u003ca id=\"4a4963766e96524479d6da2fafc75602\"\u003e\u003c/a\u003e文章\n\n\n- 2020.04 [oshpark] [Neopixel Rotary Encoder](http://blog.oshpark.com/2020/04/18/neopixel-rotary-encoder/)\n- 2017.05 [particle] [Heads up – WS2812B NeoPixels are about to change!](https://blog.particle.io/2017/05/11/ws2812b-neopixels-are-about-to-change/)\n\n\n\n\n***\n\n\n## \u003ca id=\"00354d933f4c483d011b1a891e4765c6\"\u003e\u003c/a\u003eintensio-obfuscator\n\n\n### \u003ca id=\"4db25e79c2c40899d30dbf80d1731c40\"\u003e\u003c/a\u003e工具\n\n\n- [**302**星][4m] [Py] [hnfull/intensio-obfuscator](https://github.com/hnfull/intensio-obfuscator) Obfuscate a python code 2.x and 3.x\n\n\n### \u003ca id=\"22a022e9e7d4d4e2f1cee842b1ae8586\"\u003e\u003c/a\u003e文章\n\n\n- 2019.06 [freebuf] [Intensio-Obfuscator：一款专业Python代码混淆处理工具](https://www.freebuf.com/sectool/205926.html)\n\n\n\n\n***\n\n\n## \u003ca id=\"b2d59d57c43592a88b115dfb8cc41eb4\"\u003e\u003c/a\u003e工具\n\n\n- [**340**星][12d] [Py] [astrand/pyobfuscate](https://github.com/astrand/pyobfuscate) Python源码混淆: 使得Python源代码对于人类来说难以阅读，而对于Python解释器来说仍然是可执行的\n- [**123**星][9d] [Py] [felamos/weirdhta](https://github.com/felamos/weirdhta) A python tool to create obfuscated HTA script.\n- [**82**星][2m] [Java] [enovella/jebscripts](https://github.com/enovella/jebscripts) A set of JEB Python/Java scripts for reverse engineering Android obfuscated code\n- [**75**星][7m] [Py] [anvilventures/lookinsidethebox](https://github.com/anvilventures/lookinsidethebox) Breaks the encryption and obfuscation layers that Dropbox applies to their modified Python interpreter.\n- [**74**星][4m] [Py] [pyobfx/pyobfx](https://github.com/pyobfx/pyobfx) Python Obfuscator \u0026 Packer\n- [**72**星][22d] [Py] [chris-rands/emojify](https://github.com/chris-rands/emojify) Obfuscate your python script by converting it to emoji icons\n- [**68**星][1m] [Py] [plantdaddy/fuzzap](https://github.com/PlantDaddy/FuzzAP) A python script for obfuscating wireless networks\n- [**50**星][1m] [Py] [bwall/markovobfuscate](https://github.com/bwall/markovobfuscate) Python library and tools to obfuscate data based on Markov models built off shared data\n- [**48**星][3m] [YARA] [decalage2/balbuzard](https://github.com/decalage2/balbuzard) Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.\n- [**42**星][23d] [Py] [extremecoders-re/bytecode_simplifier](https://github.com/extremecoders-re/bytecode_simplifier) A generic deobfuscator for PjOrion obfuscated python scripts\n- [**39**星][3y] [Py] [extremecoders-re/pjorion-deobfuscator](https://github.com/extremecoders-re/pjorion-deobfuscator) A deobfuscator for PjOrion, python cfg generator and more\n- [**38**星][1m] [Py] [lasq88/deobfuscate](https://github.com/lasq88/deobfuscate) Python script to automatically deobfuscate malware code\n- [**31**星][4m] [Py] [alberties/ghostfuscator](https://github.com/alberties/ghostfuscator) The Python Password-Protected Obfuscator\n- [**9**星][4m] [PHP] [chrissy-morgan/php-webshell-deobfuscator](https://github.com/chrissy-morgan/php-webshell-deobfuscator) A Tool written in Python to help de-obfuscate the $GLOBALS type malware.\n- [**8**星][7m] [Py] [thngkaiyuan/mynaim](https://github.com/thngkaiyuan/mynaim) Nymaim 家族样本反混淆插件\n\n\n***\n\n\n## \u003ca id=\"eab89cedf1706e7fa90dc6530899c968\"\u003e\u003c/a\u003e文章\n\n\n- 2019.03 [thief] [Python代码加密混淆](https://thief.one/2019/03/21/1/)\n- 2018.02 [0x00sec] [Plain Obfuscate Python script as malware](https://0x00sec.org/t/plain-obfuscate-python-script-as-malware/5545/)\n- 2016.07 [doyler] [Deobfuscate Python (ABCTF2016 –  Obfuscated 1)](https://www.doyler.net/security-not-included/deobfuscate-python-abctf)\n- 2016.05 [freebuf] [用Python和Smali模拟器搞定一个加混淆、防篡改的APK逆向](http://www.freebuf.com/articles/web/103980.html)\n- 2016.04 [evilsocket] [How I Defeated an Obfuscated and Anti-Tamper APK With Some Python and a Home-Made Smali Emulator.](https://www.evilsocket.net/2016/04/18/how-i-defeated-an-obfuscated-and-anti-tamper-apk-with-some-python-and-a-home-made-smali-emulator/)\n- 2016.04 [aassfxxx] [Breaking Cerber strings obfuscation with Python and radare2](http://aassfxxx.infos.st/article26/breaking-cerber-strings-obfuscation-with-python-and-radare2)\n- 2016.04 [aassfxxx] [Breaking Cerber strings obfuscation with Python and radare2](http://aassfxxx.infos.st/breaking-cerber-strings-obfuscation-with-python-and-radare2.html)\n- 2014.05 [quarkslab] [Building an obfuscated Python interpreter: we need more opcodes](https://blog.quarkslab.com/building-an-obfuscated-python-interpreter-we-need-more-opcodes.html)\n- 2013.12 [HackersSecurity] [DEFCON 18: Obfuscated Python](https://www.youtube.com/watch?v=1bJoZ-O0QS0)\n- 2012.06 [trustwave] [使用IDAPython对Flame的字符串进行反混淆](https://www.trustwave.com/Resources/SpiderLabs-Blog/Defeating-Flame-String-Obfuscation-with-IDAPython/)\n\n\n# \u003ca id=\"4169178cfbac7e4e03c182600d58d40e\"\u003e\u003c/a\u003eAndroid\n\n\n***\n\n\n## \u003ca id=\"263fb2577d8c578768f677ca34d517bd\"\u003e\u003c/a\u003esimplify\n\n\n### \u003ca id=\"98a46d73a2511e58cf348049e1c33e5f\"\u003e\u003c/a\u003e工具\n\n\n- [**3296**星][11d] [Java] [calebfenton/simplify](https://github.com/calebfenton/simplify) Android虚拟机和deobfuscator\n\n\n\n\n***\n\n\n## \u003ca id=\"5c67e3ac71ff94cd820ed382f96d359f\"\u003e\u003c/a\u003e工具\n\n\n- [**745**星][5m] [YARA] [rednaga/apkid](https://github.com/rednaga/apkid) Android应用程序标识符，用于包装器、保护器、混淆器和奇怪的东西\n- [**370**星][12d] [Ruby] [calebfenton/dex-oracle](https://github.com/calebfenton/dex-oracle) A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis\n- [**314**星][9m] [C] [shadowsocks/simple-obfs-android](https://github.com/shadowsocks/simple-obfs-android) 一个简单的Android混淆工具\n- [**258**星][2m] [Java] [godlikewangjun/dexknife-wj](https://github.com/godlikewangjun/dexknife-wj) apk加固插件 带签名校验、dex加密、资源混淆\n- [**230**星][4y] [Ruby] [strazzere/apkfuscator](https://github.com/strazzere/apkfuscator) A generic DEX file obfuscator and munger\n- [**196**星][4m] [Py] [claudiugeorgiu/obfuscapk](https://github.com/claudiugeorgiu/obfuscapk) A black-box obfuscation tool for Android apps\n- [**165**星][3y] [ysrc/androidobfusedictionary](https://github.com/ysrc/androidobfusedictionary) Android ProGuard变态混淆字典\n- [**119**星][5m] [Java] [stringcare/androidlibrary](https://github.com/stringcare/androidlibrary) Android library to reveal or obfuscate strings and assets at runtime\n- [**94**星][6m] [Py] [thuxnder/dalvik-obfuscator](https://github.com/thuxnder/dalvik-obfuscator) a set of tools/scripts to obfuscate and manipulate dex files\n- [**90**星][1m] [Py] [necst/aamo](https://github.com/necst/aamo) Another Android Malware Obfuscator\n- [**61**星][5y] [Py] [hamiltoniancycle/classnamedeobfuscator](https://github.com/hamiltoniancycle/classnamedeobfuscator) Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines.\n- [**25**星][5y] [Py] [burningcodes/dexconfuse](https://github.com/burningcodes/dexconfuse) 简易dex混淆器\n- [**17**星][12d] [Py] [omirzaei/androdet](https://github.com/omirzaei/androdet) AndrODet: An Adaptive Android Obfuscation Detector\n- [**15**星][12d] [Java] [miwong/tiro](https://github.com/miwong/tiro) TIRO - A hybrid iterative deobfuscation framework for Android applications\n\n\n***\n\n\n## \u003ca id=\"b8bd64107751a6e271414bd1db39dad1\"\u003e\u003c/a\u003e文章\n\n\n- 2020.02 [freebuf] [Obfuscapk：一款针对Android应用程序的黑盒混淆工具](https://www.freebuf.com/sectool/226391.html)\n- 2020.02 [hakin9] [Obfuscapk - A black-box obfuscation tool for Android apps](https://hakin9.org/obfuscapk-a-black-box-obfuscation-tool-for-android-apps/)\n- 2019.12 [hakin9] [Quark Engine - An Obfuscation-Neglect Android Malware Scoring System](https://hakin9.org/quark-engine-an-obfuscation-neglect-android-malware-scoring-system/)\n- 2019.10 [aliyun] [apk混淆工具Obfuscapk原理探究](https://xz.aliyun.com/t/6438)\n- 2019.05 [arxiv] [[1905.09136] DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling](https://arxiv.org/abs/1905.09136)\n- 2019.03 [virusbulletin] [VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation](https://www.virusbulletin.com/blog/2019/03/vb2018-paper-and-video-android-app-deobfuscation-using-static-dynamic-cooperation/)\n- 2018.10 [securitygossip] [Tackling Runtime-based Obfuscation in Android With TIRO](https://securitygossip.com/blog/2018/10/08/tackling-runtime-based-obfuscation-in-android-with-tiro/)\n- 2018.10 [sjtu] [Tackling Runtime-based Obfuscation in Android With TIRO](https://loccs.sjtu.edu.cn/gossip/blog/2018/10/08/tackling-runtime-based-obfuscation-in-android-with-tiro/)\n- 2018.04 [360] [对混淆的Android应用进行渗透测试](https://www.anquanke.com/post/id/104794/)\n- 2018.03 [guardsquare] [Decompiling obfuscated Android applications](https://www.guardsquare.com/en/blog/decompiling-obfuscated-android-applications)\n- 2018.03 [pediy] [[原创]御安全浅析安卓开发代码混淆技术](https://bbs.pediy.com/thread-224966.htm)\n- 2018.02 [tinyhack] [Pentesting obfuscated Android App](http://tinyhack.com/2018/02/05/pentesting-obfuscated-android-app/)\n- 2018.02 [pnfsoftware] [A new APK Resources Decoder with de-Obfuscation Capabilities](https://www.pnfsoftware.com/blog/a-new-apk-resources-decoder-with-de-obfuscation-capabilities/)\n- 2018.01 [arxiv] [[1801.01633] Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild](https://arxiv.org/abs/1801.01633)\n- 2017.10 [360] [如何使用dex-oracle对抗混淆后的Android恶意软件](https://www.anquanke.com/post/id/87120/)\n- 2017.10 [rednaga] [Hacking with dex-oracle for Android Malware Deobfuscation](https://rednaga.io/2017/10/28/hacking-with-dex-oracle-for-android-malware-deobfuscation/)\n- 2017.04 [360] [Android代码混淆技术总结（一）](https://www.anquanke.com/post/id/85843/)\n- 2017.03 [360] [Android 字符串及字典混淆开源实现](https://www.anquanke.com/post/id/85637/)\n- 2017.01 [360] [Android程序反混淆利器——Simplify工具](https://www.anquanke.com/post/id/85388/)\n- 2016.12 [securitygossip] [Statistical Deobfuscation of Android Applications](http://securitygossip.com/blog/2016/12/16/2016-12-16/)\n- 2016.12 [sjtu] [Statistical Deobfuscation of Android Applications](https://loccs.sjtu.edu.cn/gossip/blog/2016/12/16/2016-12-16/)\n- 2016.11 [arxiv] [[1611.10231] Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions](https://arxiv.org/abs/1611.10231)\n- 2016.11 [deepsec] [DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang](http://blog.deepsec.net/deepsec-2016-talk-obfuscated-financial-fraud-android-malware-detection-behavior-tracking-inseung-yang/)\n- 2016.04 [n0where] [Generic Android Deobfuscator: Simplify](https://n0where.net/generic-android-deobfuscator-simplify)\n- 2016.03 [pnfsoftware] [Deobfuscating Android Triada malware](https://www.pnfsoftware.com/blog/deobfuscating-android-triada-malware/)\n- 2016.01 [freebuf] [Oracle：安卓反混淆工具](http://www.freebuf.com/sectool/92545.html)\n- 2015.03 [Roland] [用ProGuard混淆Android代码](https://blog.csdn.net/Roland_Sun/article/details/44629319)\n- 2015.02 [arxiv] [[1502.01625] A Self-Compiling Android Data Obfuscation Tool](https://arxiv.org/abs/1502.01625)\n- 2014.12 [androidcracking] [Simplify - Android Deobfuscator / Decryptor](http://androidcracking.blogspot.com/2014/12/simplify-android-deobfuscator-decryptor.html)\n- 2014.07 [virusbulletin] [Paper: Obfuscation in Android malware, and how to fight back](https://www.virusbulletin.com/blog/2014/07/paper-obfuscation-android-malware-and-how-fight-back/)\n- 2013.08 [pediy] [[原创]Android分析之路（二）——代码混淆分析研究1](https://bbs.pediy.com/thread-176457.htm)\n- 2013.06 [pediy] [apkprotect（免费android代码混淆、加密保护工具）版本v0.3.8 2013.10.22更新](https://bbs.pediy.com/thread-172733.htm)\n- 2013.04 [xyz] [android应用安全——代码安全（android代码混淆）](https://blog.csdn.net/xyz_lmn/article/details/8802785)\n- 2012.12 [pediy] [[原创]一个简单的判断APK文件是否混淆的方法](https://bbs.pediy.com/thread-159959.htm)\n- 2011.07 [pediy] [[原创]APK反破解之一：Android Java混淆(ProGuard)](https://bbs.pediy.com/thread-137112.htm)\n- 2008.10 [ysl] [請為你的 Android 程式加上 obfuscation 吧！](http://ysl-paradise.blogspot.com/2008/10/android-obfuscation.html)\n\n\n# \u003ca id=\"beb0e19614fb8044452ae90b74138f2d\"\u003e\u003c/a\u003eApple\n\n\n***\n\n\n## \u003ca id=\"c9bdd398b84c5ddfede6e2b1a78492aa\"\u003e\u003c/a\u003estcobfuscator\n\n\n### \u003ca id=\"61ba58d5e151bbeabb078767f437dff5\"\u003e\u003c/a\u003e工具\n\n\n- [**663**星][1y] [ObjC] [chenxiancai/stcobfuscator](https://github.com/chenxiancai/stcobfuscator) iOS全局自动化 代码混淆 工具！支持cocoapod组件代码一并 混淆，完美避开hardcode方法、静态库方法和系统库方法！\n\n\n\n\n***\n\n\n## \u003ca id=\"5c8857ae3e654bd79d8257595e05e229\"\u003e\u003c/a\u003e工具\n\n\n- [**1500**星][12d] [ObjC] [polidea/ios-class-guard](https://github.com/polidea/ios-class-guard) Simple Objective-C obfuscator for Mach-O executables.\n- [**1205**星][11d] [Swift] [rockbruno/swiftshield](https://github.com/rockbruno/swiftshield) 为你的iOS项目的类型和方法(包括第三方库和故事板)生成不可逆加密名称的工具，以保护你的应用程序免受iOS逆向工程工具，如类转储和Cycript。\n- [**520**星][4y] [ObjC] [pjebs/obfuscator-ios](https://github.com/pjebs/obfuscator-ios) Secure your app by obfuscating all the hard-coded security-sensitive strings.\n- [**500**星][2m] [Ruby] [kaich/codeobscure](https://github.com/kaich/codeobscure) 方便强大的OC工程代码自动混淆工具\n- [**358**星][2y] [C] [codermjlee/mjcodeobfuscation](https://github.com/codermjlee/mjcodeobfuscation) 一个用于代码混淆和字符串加密的Mac小Demo\n- [**334**星][2y] [C++] [polidea/siriusobfuscator](https://github.com/polidea/siriusobfuscator) a tool for performing source-to-source obfuscation of Swift projects\n- [**265**星][9m] [ObjC] [preemptive/ppios-rename](https://github.com/preemptive/ppios-rename) Symbol obfuscator for iOS apps\n- [**216**星][5m] [Py] [lennonchin/code-confuse-plugin](https://github.com/lennonchin/code-confuse-plugin) iOS代码混淆插件\n- [**144**星][22d] [Swift] [danleechina/mixplaintext](https://github.com/danleechina/mixplaintext) 可对 Xcode 项目工程所有的 objective-c 文件内包含的明文进行加密混淆，提高逆向分析难度。\n- [**44**星][15d] [Swift] [pabloroca/obfuscateapi](https://github.com/pabloroca/obfuscateapi) Mac OSX, Command line Swift 4 Utility for obfuscate / defuscate strings (API endpoints) in AES128 format.\n- [**38**星][6y] [C] [x43x61x69/mach-o-prettifier](https://github.com/x43x61x69/mach-o-prettifier) A Mach-O Load Command deobfuscator.\n- [**27**星][2m] [C++] [cuitche/code-obfuscation](https://github.com/cuitche/code-obfuscation) 一款iOS代码混淆工具(A code obfuscation tool for iOS.)\n- [**3**星][1m] [Java] [maxpixelstudios/minecraftdecompiler](https://github.com/maxpixelstudios/minecraftdecompiler) A useful tool to decompile and deobfuscate Minecraft by CFR/FernFlower and Proguard/SRG/CSRG/TSRG mappings\n\n\n***\n\n\n## \u003ca id=\"e9ed9f70cf4150a9f8eb4c2983ea4f6d\"\u003e\u003c/a\u003e文章\n\n\n- 2019.10 [freebuf] [Swiftshield：SwiftOBJ-C 代码混淆工具](https://www.freebuf.com/sectool/213922.html)\n- 2019.06 [h2hconference] [Android Game of Obfuscation - Jurriaan Bremer and Rodrigo Chiossi - H2HC 2013](https://www.youtube.com/watch?v=VGJTubBspJA)\n- 2019.06 [hitbsecconf] [#HITB2019AMS D1T1 - Deobfuscate UEFI/BIOS Malware And Virtualized Packers - Alexandre Borges](https://www.youtube.com/watch?v=bCaMuHAJcHw)\n- 2018.11 [ironcastle] [More obfuscated shell scripts: Fake MacOS Flash update, (Tue, Nov 27th)](https://www.ironcastle.net/more-obfuscated-shell-scripts-fake-macos-flash-update-tue-nov-27th/)\n- 2018.11 [sans] [More obfuscated shell scripts: Fake MacOS Flash update](https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/)\n- 2018.09 [pediy] [[原创]尝试解下fairplayd(苹果|ios)的混淆(块调度)](https://bbs.pediy.com/thread-247018.htm)\n- 2018.09 [4hou] [用于保护iOS应用程序的开源代码混淆工具Sirius发布（二）](http://www.4hou.com/tools/13362.html)\n- 2018.09 [4hou] [用于保护iOS应用程序的开源代码混淆工具Sirius发布（一）](http://www.4hou.com/mobile/13352.html)\n- 2017.11 [pnfsoftware] [Having Fun with Obfuscated Mach-O Files](https://www.pnfsoftware.com/blog/having-fun-with-obfuscated-mach-o-files/)\n- 2015.04 [securityintelligence] [CVE-2015-1097: Deobfuscating iOS Kernel Pointers With an IBM X-Force-Discovered Vulnerability](https://securityintelligence.com/cve-2015-1097-deobfuscating-ios-kernel-pointers-with-an-ibm-x-force-discovered-vulnerability/)\n- 2012.02 [reverse] [Anti-disassembly \u0026 obfuscation #1: Apple doesn’t follow their own Mach-O specifications?](https://reverse.put.as/2012/02/02/anti-disassembly-obfuscation-1-apple-doesnt-follow-their-own-mach-o-specifications/)\n\n\n# \u003ca id=\"8a996fdcd6ee02c19fd55b09fcd7f9c0\"\u003e\u003c/a\u003eJava\n\n\n***\n\n\n## \u003ca id=\"96942f90fddd05d4c70ce45a3b3cafb7\"\u003e\u003c/a\u003enullproguard\n\n\n### \u003ca id=\"23fb4af31b14c09156b20c85f7d05953\"\u003e\u003c/a\u003e工具\n\n\n- [**273**星][4m] [Java] [w296488320/nullproguard](https://github.com/w296488320/nullproguard) 空白混淆 源码\n\n\n\n\n***\n\n\n## \u003ca id=\"77ab5d96e4ca64cb5913c61540baa0a6\"\u003e\u003c/a\u003e工具\n\n\n- [**615**星][13d] [Java] [java-deobfuscator/deobfuscator](https://github.com/java-deobfuscator/deobfuscator) Java 代码反混淆工具\n- [**172**星][4m] [Java] [superblaubeere27/obfuscator](https://github.com/superblaubeere27/obfuscator) A java obfuscator (GUI)\n- [**165**星][5m] [Java] [itzsomebody/radon](https://github.com/itzsomebody/radon) A crappy Java bytecode obfuscator (meaning: not for production use)\n- [**142**星][12d] [Java] [graxcode/threadtear](https://github.com/graxcode/threadtear) Multifunctional java deobfuscation tool suite\n- [**92**星][13d] [Java] [yworks/yguard](https://github.com/yworks/yguard) The open-source Java obfuscation tool working with Ant and Gradle by yWorks - the diagramming experts\n- [**82**星][19d] [Java] [ysrc/obfusesmalitext](https://github.com/ysrc/obfusesmalitext) smali文件，jar包字符串混淆，支持gradle插件\n- [**65**星][1m] [Java] [calebwhiting/java-asm-obfuscator](https://github.com/calebwhiting/java-asm-obfuscator) Obfuscates compiled java code to make it harder to reverse engineer.\n- [**56**星][4m] [Java] [johnjohndoe/proguard](https://github.com/johnjohndoe/proguard) Java class file shrinker, optimizer, obfuscator, and preverifier\n- [**23**星][19d] [Java] [alpheratzteam/obfuscator](https://github.com/alpheratzteam/obfuscator) Java Obfuscator\n- [**18**星][25d] [Java] [damianszczepanik/silencio](https://github.com/damianszczepanik/silencio) Silencio is a Java library for transforming and converting XML, JSON, YAML, Properties and other formats. It is applicable for most operations such as obfuscation, encryption, minimisation (minifying), anonymous. Library is fully customizable and extensible.\n- [**14**星][9m] [Java] [graxcode/stringer-verification-bypass](https://github.com/graxcode/stringer-verification-bypass) Patch java archives obfuscated and signed by stringer 3.x - 9.0 (\n- [**9**星][4m] [Java] [mjvl/uniobfuscator](https://github.com/mjvl/uniobfuscator) Java obfuscator that hides code in comment tags and Unicode garbage by making use of Java's Unicode escapes.\n\n\n***\n\n\n## \u003ca id=\"85a8cd8871da13161f05993c1029e867\"\u003e\u003c/a\u003e文章\n\n\n- 2020.04 [hakin9] [Threadtear - Multifunctional java deobfuscation tool suite](https://hakin9.org/threadtear-multifunctional-java-deobfuscation-tool-suite/)\n- 2018.09 [arxiv] [[1809.11037] A Systematic Study on Static Control Flow Obfuscation Techniques in Java](https://arxiv.org/abs/1809.11037)\n- 2017.09 [360] [基于ASM的Java字符串混淆工具实现](https://www.anquanke.com/post/id/86941/)\n- 2016.07 [MalwareAnalysisForHedgehogs] [Malware Analysis - Java Malware Deobfuscation](https://www.youtube.com/watch?v=SFaDTQiiiww)\n- 2015.02 [contextis] [Automating Removal of Java Obfuscation](https://www.contextis.com/blog/automating-removal-of-java-obfuscation)\n- 2013.07 [netspi] [Java Obfuscation Tutorial with Zelix Klassmaster](https://blog.netspi.com/java-obfuscation-tutorial-with-zelix-klassmaster/)\n- 2013.02 [security] [Deobfuscating Java 7u11 Exploit from Cool Exploit Kit (CVE-2013-0431)](http://security-obscurity.blogspot.com/2013/02/deobfuscating-java-7u11-exploit-from.html)\n- 2013.01 [quequero] [Malicious Java Applet Deobfuscation](https://quequero.org/2013/01/malicious-java-applet-deobfuscation/)\n- 2012.11 [security] [Java Exploit Code Obfuscation and Antivirus Bypass/Evasion (CVE-2012-4681)](http://security-obscurity.blogspot.com/2012/11/java-exploit-code-obfuscation-and.html)\n- 2008.09 [arxiv] [[0809.3503] JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes](https://arxiv.org/abs/0809.3503)\n- 2008.07 [arxiv] [[0807.4309] Array Based Java Source Code Obfuscation Using Classes with Restructured Arrays](https://arxiv.org/abs/0807.4309)\n\n\n# \u003ca id=\"193bfef38cb82179a6115c52799286fa\"\u003e\u003c/a\u003eCMD\n\n\n***\n\n\n## \u003ca id=\"63a2b1b7b26fa06579654d2e39cc2f33\"\u003e\u003c/a\u003einvoke-dosfuscation\n\n\n### \u003ca id=\"9d707b82be5392b16016bfee435f8bf6\"\u003e\u003c/a\u003e工具\n\n\n- [**416**星][2y] [PS] [danielbohannon/invoke-dosfuscation](https://github.com/danielbohannon/invoke-dosfuscation) Cmd.exe Command Obfuscation Generator \u0026 Detection Test Harness\n\n\n### \u003ca id=\"0b5910871dcca88d837fed60e2de27b1\"\u003e\u003c/a\u003e文章\n\n\n- 2018.10 [NorthSec] [Daniel Bohannon - Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)](https://www.youtube.com/watch?v=StmzEvO3H-Q)\n- 2018.07 [pcsxcetrasupport3] [A look at a Word document macro using Invoke-DOSfuscation](https://pcsxcetrasupport3.wordpress.com/2018/07/28/a-look-at-a-word-document-macro-using-invoke-dosfuscation/)\n\n\n\n\n***\n\n\n## \u003ca id=\"0738123add9a88b1b717696ad5e3dee5\"\u003e\u003c/a\u003e文章\n\n\n- 2018.03 [fireeye] [DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques](https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html)\n\n\n# \u003ca id=\"978ec8680ae0965ce50c6948e6c740fa\"\u003e\u003c/a\u003e其他\n\n\n***\n\n\n## \u003ca id=\"3df7c00560baca22e97aa3842646f208\"\u003e\u003c/a\u003eflare-floss\n\n\n### \u003ca id=\"da84308c817371ee9a7168afd8c08879\"\u003e\u003c/a\u003e工具\n\n\n- [**1497**星][12d] [Py] [fireeye/flare-floss](https://github.com/fireeye/flare-floss) 自动从恶意代码中提取反混淆后的字符串\n    - [floss](https://github.com/fireeye/flare-floss/tree/master/floss) \n    - [IDA插件](https://github.com/fireeye/flare-floss/blob/master/scripts/idaplugin.py) \n\n\n### \u003ca id=\"524722c4a4090595c6aeb0e245793c2b\"\u003e\u003c/a\u003e文章\n\n\n- 2016.05 [freebuf] [火眼实验室恶意软件开源分析工具Flare-floss](http://www.freebuf.com/sectool/105252.html)\n\n\n\n\n***\n\n\n## \u003ca id=\"816c07719bc43d5fbdb096c357fa52cd\"\u003e\u003c/a\u003edemovfuscator\n\n\n### \u003ca id=\"be0c014ea3736628b4f9278b5291ac41\"\u003e\u003c/a\u003e工具\n\n\n- [**516**星][12d] [C++] [kirschju/demovfuscator](https://github.com/kirschju/demovfuscator) 对抗控制流线性化的工具，反混淆器。\n\n\n\n\n***\n\n\n## \u003ca id=\"c9354b20e62e3781b0e194d7ac7b2b1a\"\u003e\u003c/a\u003ehexraysdeob\n\n\n### \u003ca id=\"25deb9c341c4f5d5b2c165f85bdc7cb8\"\u003e\u003c/a\u003e工具\n\n\n- [**318**星][9m] [C++] [rolfrolles/hexraysdeob](https://github.com/rolfrolles/hexraysdeob) 利用Hex-Rays microcode API破解编译器级别的混淆\n- [**40**星][4m] [C++] [carbonblack/hexraysdeob](https://github.com/carbonblack/hexraysdeob) Hex-Rays microcode API plugin for breaking an obfuscating compiler\n\n\n\n\n***\n\n\n## \u003ca id=\"a5243005269510c9270b86faaaa708f0\"\u003e\u003c/a\u003ecallobfuscator\n\n\n### \u003ca id=\"1aac846077f425c1c6d557d9b0e9e3b0\"\u003e\u003c/a\u003e工具\n\n\n- [**272**星][4m] [C++] [d35ha/callobfuscator](https://github.com/d35ha/callobfuscator) 使用不同的Windows API混淆指定的Windows API\n\n\n\n\n# \u003ca id=\"ac6cc2eb18f961bdbfb16151e1f9f686\"\u003e\u003c/a\u003e恶意代码\n\n\n***\n\n\n## \u003ca id=\"1006f3d956b3a62601532cccb9ef1f8d\"\u003e\u003c/a\u003e文章\n\n\n- 2020.05 [vmray] [Move Fast and Don’t Break Things (Part 2): Automated Malware De-obfuscation by Accurate API Monitoring](https://www.vmray.com/cyber-security-blog/automated-malware-de-obfuscation-by-accurate-api-monitoring-part-2/)\n- 2020.05 [talosintelligence] [Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer](https://blog.talosintelligence.com/2020/05/astaroth-analysis.html)\n- 2020.04 [rootshell] [[SANS ISC] Malicious Excel With a Strong Obfuscation and Sandbox Evasion](https://blog.rootshell.be/2020/04/24/sans-isc-malicious-excel-with-a-strong-obfuscation-and-sandbox-evasion/)\n- 2020.03 [welivesecurity] [Stantinko’s new cryptominer features unique obfuscation techniques | WeLiveSecurity](https://www.welivesecurity.com/2020/03/19/stantinko-new-cryptominer-unique-obfuscation-techniques/)\n- 2020.02 [infosecinstitute] [What is Malware Obfuscation?](https://resources.infosecinstitute.com/category/certifications-training/malware-analysis-reverse-engineering/malware-obfuscation-encoding-encryption/malware-obfuscation/)\n- 2019.11 [trendmicro] [More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting](https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/)\n- 2019.11 [umbrella] [Obfuscation: The Abracadabra of Malware Authors](https://umbrella.cisco.com:443/blog/2019/11/01/obfuscation-the-abracadabra-of-malware-authors/)\n- 2019.10 [HackersOnBoard] [Black Hat USA 2016 Next Generation of Exploit Kit Detection By Building Simulated Obfuscators](https://www.youtube.com/watch?v=DBjN6EVizc8)\n- 2019.07 [freebuf] [教你使用Cutter和Radare2对APT32恶意程序流程图进行反混淆处理](https://www.freebuf.com/articles/network/208019.html)\n- 2019.07 [arxiv] [[1907.01445] Extended Report on the Obfuscated Integration of Software Protections](https://arxiv.org/abs/1907.01445)\n- 2019.06 [trendmicro] [CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner](https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/)\n- 2019.05 [360] [使用Cutter和Radare2对APT32恶意程序流程图进行反混淆处理](https://www.anquanke.com/post/id/178047/)\n- 2019.04 [trendmicro] [Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages](https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-attack-uses-browser-extension-tool-singlefile-to-obfuscate-malicious-log-in-pages/)\n- 2019.03 [sucuri] [Uncommon Radixes Used in Malware Obfuscation](https://blog.sucuri.net/2019/03/uncommon-radixes-used-in-malware-obfuscation.html)\n- 2019.02 [carbonblack] [Defeating Compiler-Level Obfuscations Used in APT10 Malware](https://www.carbonblack.com/2019/02/25/defeating-compiler-level-obfuscations-used-in-apt10-malware/)\n- 2019.02 [4hou] [见招拆招分析银行木马：揭开恶意LNK真面目+逐步拆解混淆后Dropper](http://www.4hou.com/technology/16214.html)\n- 2019.01 [4hou] [一种新型恶意软件混淆技术的逆向分析](http://www.4hou.com/reverse/15824.html)\n- 2019.01 [sans] [FLOSS Every Day - Automatically Extracting Obfuscated Strings from Malware](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1492113968.pdf)\n- 2018.10 [4hou] [GandCrab勒索软件的最新版本中开始引入加密和混淆功能](http://www.4hou.com/typ/14042.html)\n- 2018.10 [mcafee] [Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation](https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rapidly-evolving-ransomware-gandcrab-version-5-partners-with-crypter-service-for-obfuscation/)\n- 2018.10 [mcafee] [Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rapidly-evolving-ransomware-gandcrab-version-5-partners-with-crypter-service-for-obfuscation/)\n- 2018.10 [mcafee] [Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation](https://securingtomorrow.mcafee.com/mcafee-labs/rapidly-evolving-ransomware-gandcrab-version-5-partners-with-crypter-service-for-obfuscation/)\n- 2018.10 [NorthSec] [Thaís aka barbie Moreira Hamasaki - Logic against sneak obfuscated malware](https://www.youtube.com/watch?v=Zps-nz0f3qE)\n- 2018.10 [checkpoint] [Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware - Check Point Research](https://research.checkpoint.com/labeless-part-6-how-to-resolve-obfuscated-api-calls-in-the-ngioweb-proxy-malware/)\n- 2018.09 [tencent] [MyKings僵尸网络最新变种突袭，攻击代码多次加密混淆，难以检测](https://s.tencent.com/research/report/531.html)\n- 2018.08 [4hou] [后门混淆和反检测技术](http://www.4hou.com/technology/12718.html)\n- 2018.08 [sans] [Dealing with numeric obfuscation in malicious scripts](https://isc.sans.edu/forums/diary/Dealing+with+numeric+obfuscation+in+malicious+scripts/23954/)\n- 2018.07 [MalwareAnalysisForHedgehogs] [Malware Analysis - DOSfuscation Deobfuscation](https://www.youtube.com/watch?v=EBVhX_1vaoE)\n- 2018.07 [aliyun] [后门混淆和反检测技术](https://xz.aliyun.com/t/2472)\n- 2018.07 [360] [后门混淆和逃避技术](https://www.anquanke.com/post/id/152244/)\n- 2018.07 [imperva] [The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques](https://www.imperva.com/blog/2018/07/the-trickster-hackers-backdoor-obfuscation-and-evasion-techniques/)\n- 2018.07 [360] [Malwarebytes 对使用混淆 Coinhive 短链接进行浏览器挖矿的调查分析](https://www.anquanke.com/post/id/150636/)\n- 2018.07 [malwarebytes] [Obfuscated Coinhive shortlink reveals larger mining operation](https://blog.malwarebytes.com/threat-analysis/2018/07/obfuscated-coinhive-shortlink-reveals-larger-mining-operation/)\n- 2018.06 [freebuf] [技术讨论 | NjRAT通过base64编码加密混淆Code免杀绕过360杀毒实验](http://www.freebuf.com/articles/rookie/174776.html)\n- 2018.06 [serhack] [Deobfuscating and Understanding a Trojan JScript](https://serhack.me/articles/deobfuscate-understand-trojan-jscript-en)\n- 2018.04 [360] [深入分析恶意软件Formbook：混淆和进程注入（下）](https://www.anquanke.com/post/id/103429/)\n- 2018.04 [360] [深入分析恶意软件Formbook：混淆和进程注入（上）](https://www.anquanke.com/post/id/103403/)\n- 2018.01 [trendmicro] [以俄罗斯银行为目标的恶意 Android App FakeBank 使用新的混淆技巧](https://blog.trendmicro.com/trendlabs-security-intelligence/new-mobile-malware-uses-layered-obfuscation-targets-russian-banks/)\n- 2017.08 [360] [分析一款代码经过混淆处理的勒索软件下载器](https://www.anquanke.com/post/id/86707/)\n- 2017.08 [ringzerolabs] [分析多层混淆的 HTML 文档（Locky勒索软件的下载器）](https://www.ringzerolabs.com/2017/08/analyzing-several-layers-of-obfuscation.html)\n- 2017.08 [MalwareAnalysisForHedgehogs] [Malware Analysis - Deobfuscating Loyeetro Trojan-Spy](https://www.youtube.com/watch?v=YuWuE-qy2pg)\n- 2017.08 [netskope] [Adwind RAT employs new obfuscation techniques](https://www.netskope.com/blog/adwind-rat-employs-new-obfuscation-techniques/)\n- 2017.04 [ixiacom] [Deobfuscating Malicious Actor Intentions for Your Web Server](https://www.ixiacom.com/company/blog/deobfuscating-malicious-actor-intentions-your-web-server)\n- 2017.03 [itsjack] [Deobfuscating API Call Strings In A ‘Banker’](https://itsjack.cc/blog/2017/03/deobfuscating-api-call-strings-in-a-banker/)\n- 2017.03 [adelmas] [Analyzing and Deobfuscating FlokiBot Banking Trojan](http://adelmas.com/blog/flokibot.php)\n- 2017.02 [vkremez] [Trojan-Downloader:JS/Locky: Deobfuscate and Extract IOCs](https://www.vkremez.com/2017/02/trojan-downloaderjslocky-deobfuscate.html)\n- 2016.12 [rsa] [How to deobfuscate malicious browser scripts using a script debugger](https://community.rsa.com/community/products/netwitness/blog/2016/12/31/how-to-deobfuscate-malicious-browser-scripts-using-a-script-debugger)\n- 2016.11 [securityblog] [Automatically extract obfuscated strings from malware](http://securityblog.gr/3879/automatically-extract-obfuscated-strings-from-malware/)\n- 2016.10 [4hou] [恶意代码最新混淆技术分析](http://www.4hou.com/technology/1668.html)\n- 2016.10 [broadanalysis] [EiTest campaign drops flash gate for obfuscated script sending GootKit banking malware](http://www.broadanalysis.com/2016/10/03/eitest-campaign-drops-flash-gate-for-obfuscated-script-sending-gootkit-banking-malware/)\n- 2016.09 [quarkslab] [Arybo: cleaning obfuscation by playing with mixed boolean and arithmetic operations](https://blog.quarkslab.com/arybo-cleaning-obfuscation-by-playing-with-mixed-boolean-and-arithmetic-operations.html)\n- 2016.08 [8090] [代码战争：伪装和狙杀，从“壳”到“病毒混淆器](http://www.8090-sec.com/archives/3159)\n- 2016.08 [freebuf] [代码战争：伪装和狙杀，从“壳”到“病毒混淆器”](http://www.freebuf.com/articles/system/112631.html)\n- 2016.08 [mcafee] [Obfuscated Malware Discovered on Google Play](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/obfuscated-malware-discovered-google-play/)\n- 2016.08 [mcafee] [Obfuscated Malware Discovered on Google Play](https://securingtomorrow.mcafee.com/mcafee-labs/obfuscated-malware-discovered-google-play/)\n- 2016.07 [ixiacom] [MALWARE DELIVERY SECRETS: RTF OBFUSCATION](https://www.ixiacom.com/company/blog/malware-delivery-secrets-rtf-obfuscation)\n- 2016.07 [malwarenailed] [Locky Ransomware - Obfuscated Weaponry](http://malwarenailed.blogspot.com/2016/07/locky-ransomware-obfuscated-weaponry.html)\n- 2016.06 [fireeye] [Automatically Extracting Obfuscated Strings from Malware using the\nFireEye Labs Obfuscated String Solver (FLOSS)](https://www.fireeye.com/blog/threat-research/2016/06/automatically-extracting-obfuscated-strings.html)\n- 2016.06 [fortinet] [Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary](https://www.fortinet.com/blog/threat-research/obfuscated-bitcoin-miner-propagates-through-ftp-using-password-dictionary.html)\n- 2016.05 [jeffsoh] [Heavy Obfuscation != Malicious](http://jeffsoh.blogspot.com/2016/05/heavy-obfuscation-malicious.html)\n- 2016.04 [freebuf] [恶意软件混淆检测算法分析](http://www.freebuf.com/articles/terminal/102984.html)\n- 2015.09 [freebuf] [一种在恶意软件中常见的字符串和Payload混淆技术](http://www.freebuf.com/articles/system/77244.html)\n- 2015.09 [securityintelligence] [An Example of Common String and Payload Obfuscation Techniques in Malware](https://securityintelligence.com/an-example-of-common-string-and-payload-obfuscation-techniques-in-malware/)\n- 2015.06 [malwarebytes] [Complex Method of Obfuscation Found in Dropper RealShell](https://blog.malwarebytes.com/cybercrime/2015/06/complex-method-of-obfuscation-found-in-dropper-realshell/)\n- 2015.02 [arxiv] [[1502.03245] FEEBO: An Empirical Evaluation Framework for Malware Behavior Obfuscation](https://arxiv.org/abs/1502.03245)\n- 2014.05 [mcafee] [Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/necurs-zbot-droppers-use-obfuscated-windows-xp-detection-bypass-automated-analysis/)\n- 2014.05 [mcafee] [Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis](https://securingtomorrow.mcafee.com/mcafee-labs/necurs-zbot-droppers-use-obfuscated-windows-xp-detection-bypass-automated-analysis/)\n- 2014.03 [k7computing] [Volume III: Who aM I? Confessions of an Obfuscated JS Worm](https://blog.k7computing.com/?p=2304)\n- 2014.03 [k7computing] [Volume III: Who aM I? Confessions of an Obfuscated JS Worm](http://blog.k7computing.com/2014/03/volume-iii-who-am-i-confessions-of-an-obfuscated-js-worm/)\n- 2014.03 [k7computing] [Volume II: Who aM I? Confessions of an Obfuscated JS Worm](https://blog.k7computing.com/?p=2242)\n- 2014.03 [k7computing] [Volume II: Who aM I? Confessions of an Obfuscated JS Worm](http://blog.k7computing.com/2014/03/volume-ii-who-am-i-confessions-of-an-obfuscated-js-worm/)\n- 2014.03 [k7computing] [Volume I: Who aM I? Confessions of an Obfuscated JS Worm](https://blog.k7computing.com/?p=2156)\n- 2014.03 [k7computing] [Volume I: Who aM I? Confessions of an Obfuscated JS Worm](http://blog.k7computing.com/2014/03/volume-i-who-am-i-confessions-of-an-obfuscated-js-worm/)\n- 2013.05 [sans] [Tools for Examining XOR Obfuscation for Malware Analysis](https://digital-forensics.sans.org/blog/2013/05/14/tools-for-examining-xor-obfuscation-for-malware-analysis)\n- 2013.03 [malwarebytes] [Obfuscation: Malware’s best friend](https://blog.malwarebytes.com/threat-analysis/2013/03/obfuscation-malwares-best-friend/)\n- 2013.01 [checkpoint] [Tales from the Crypter: Thwarting Malware Obfuscation with Threat Emulation | Check Point Software Blog](https://blog.checkpoint.com/2013/01/30/tales-crypter-thwarting-malware-obfuscation-threat-emulation/)\n- 2012.12 [forcepoint] [Sharing the Experience of Deobfuscating a Trojan](https://www.forcepoint.com/blog/security-labs/sharing-experience-deobfuscating-trojan)\n- 2012.06 [sans] [Decoding Common XOR Obfuscation in Malicious Code](https://isc.sans.edu/forums/diary/Decoding+Common+XOR+Obfuscation+in+Malicious+Code/13354/)\n- 2011.08 [webroot] [Trojans Employ Misdirection Instead of Obfuscation](https://www.webroot.com/blog/2011/08/25/trojans-employ-misdirection-instead-of-obfuscation/)\n- 2010.12 [yurichev] [7-Dec-2010: Making C compiler generate obfuscated code](https://yurichev.com/blog/58/)\n- 2010.03 [securelist] [New Brazilian banking Trojans recycle old URL obfuscation tricks](https://securelist.com/new-brazilian-banking-trojans-recycle-old-url-obfuscation-tricks/29558/)\n- 2008.04 [secshoggoth] [Obfuscating Malware for Fun and Prizes](http://secshoggoth.blogspot.com/2008/04/obfuscating-malware-for-fun-and-prizes.html)\n- 2006.12 [pediy] [[翻译]注入 动态生成及混淆的恶意代码的检测](https://bbs.pediy.com/thread-35766.htm)\n\n\n# \u003ca id=\"48905dbcdd16a4b3ca77dc0193723720\"\u003e\u003c/a\u003e新添加-混淆\n\n\n***\n\n\n## \u003ca id=\"40f09a7bfb3cb928c2f912aa6634c775\"\u003e\u003c/a\u003e工具\n\n\n- [**215**星][1y] [Java] [neo23x0/fnord](https://github.com/neo23x0/fnord) 一种用于混淆代码的模式提取器\n- [**185**星][3y] [PS] [cobbr/obfuscatedempire](https://github.com/cobbr/obfuscatedempire) Empire的Fork，集成了Invoke-Obfuscation\n- [**165**星][2m] [JS] [zsoltszabo/node-uglifier](https://github.com/zsoltszabo/node-uglifier) 完全自动合并和混淆(丑化)整个NodeJs项目到一个文件与外部文件选项\n- [**161**星][17d] [Py] [z0noxz/powerstager](https://github.com/z0noxz/powerstager) 创建可执行文件，用于下载PowerShell Payload，将其加载到内存，并使用混淆的EC方法运行\n- [**152**星][26d] [Go] [znly/strobfus](https://github.com/znly/strobfus) String obfuscation\n- [**142**星][2y] [Py] [gumblex/ptproxy](https://github.com/gumblex/ptproxy) Turn any pluggable transport for Tor into an obfuscating TCP tunnel.\n- [**132**星][8m] [C#] [nyan-x-cat/lime-crypter](https://github.com/nyan-x-cat/lime-crypter) Simple obfuscation tool\n- [**131**星][9m] [C] [changeofpace/overwatch-dump-fix](https://github.com/changeofpace/overwatch-dump-fix) x64dbg plugin which removes anti-dumping and obfuscation techniques from the popular FPS game Overwatch.\n- [**131**星][6m] [PHP] [propaganistas/laravel-fakeid](https://github.com/propaganistas/laravel-fakeid) Automatic model ID obfuscation in routes for Laravel 5\n- [**120**星][4m] [we5ter/flerken](https://github.com/we5ter/flerken) A Solution For Cross-Platform Obfuscated Commands Detection\n- [**114**星][4m] [Py] [ekultek/graffiti](https://github.com/ekultek/graffiti) A tool to generate obfuscated one liners to aid in penetration testing\n- [**106**星][16d] [C] [vmonaco/kloak](https://github.com/vmonaco/kloak) Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.\n- [**101**星][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator\n- [**100**星][2m] [C] [elfmaster/dsym_obfuscate](https://github.com/elfmaster/dsym_obfuscate) Obfuscates dynamic symbol table\n- [**93**星][4y] [C] [osandamalith/ipobfuscator](https://github.com/osandamalith/ipobfuscator) A simple tool to convert the IP to a DWORD IP\n- [**90**星][19d] [C++] [koemeet/rtti-obfuscator](https://github.com/koemeet/rtti-obfuscator) Obfuscates all RTTI (Run-time type information) inside a binary\n- [**88**星][2y] [C] [lloydlabs/windows-api-hashing](https://github.com/lloydlabs/windows-api-hashing) 通过哈希混淆API\n- [**76**星][11d] [Java] [radioegor146/native-obfuscator](https://github.com/radioegor146/native-obfuscator) Java .class to .cpp converter for use with JNI\n- [**73**星][2y] [C++] [nickcano/relocbonus](https://github.com/nickcano/relocbonus) An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.\n- [**71**星][4y] [Py] [kkar/vbs-obfuscator-in-python](https://github.com/kkar/vbs-obfuscator-in-python) VBScript混淆允许pentester绕过对策\n- [**71**星][24d] [TS] [javascript-obfuscator/react-native-obfuscating-transformer](https://github.com/javascript-obfuscator/react-native-obfuscating-transformer) Obfuscation for React Native bundles\n- [**66**星][2m] [Py] [nullhypothesis/scramblesuit](https://github.com/nullhypothesis/scramblesuit) The ScrambleSuit traffic obfuscation protocol.\n- [**59**星][3y] [Py] [amoulu/tinysmaliemulator](https://github.com/amoulu/tinysmaliemulator) A very minimalist smali emulator that could be used to \"decrypt\" obfuscated strings\n- [**58**星][12d] [JS] [coston/react-obfuscate](https://github.com/coston/react-obfuscate) An intelligent React component to obfuscate any contact link!\n- [**57**星][14d] [C++] [haidragon/study_obscure](https://github.com/haidragon/study_obscure) 混淆反混淆\n- [**55**星][2y] [PS] [mr-un1k0d3r/base64-obfuscator](https://github.com/mr-un1k0d3r/base64-obfuscator) Simple PowerShell Base64 encoder to avoid detection of your malicious payload\n- [**54**星][1m] [Py] [mushorg/oschameleon](https://github.com/mushorg/oschameleon) OS Fingerprint Obfuscation for modern Linux Kernels\n- [**47**星][23d] [C++] [thebabush/dumb-obfuscator](https://github.com/thebabush/dumb-obfuscator) Tutorial on how to write the dumbest obfuscator I could think of.\n- [**46**星][4m] [C++] [timelifeczy/sheller](https://github.com/timelifeczy/sheller) 一键加壳/脱壳，混淆，花指令，反调试等\n- [**45**星][4m] [Assembly] [martinvelez/w32evol](https://github.com/martinvelez/w32evol) An obfuscation engine which obfuscates Intel x86 32-bit binary code.\n- [**43**星][2y] [Py] [nikshepsvn/scatterfly](https://github.com/nikshepsvn/scatterfly) An attempt to improve user privacy by intelligent data obfuscation.\n- [**43**星][12d] [C] [tum-i22/obfuscation-benchmarks](https://github.com/tum-i22/obfuscation-benchmarks) A set of programs used for benchmarking the strength of obfuscation\n- [**42**星][4y] [Py] [cylance/markovobfuscate](https://github.com/cylance/MarkovObfuscate) Use Markov Chains to obfuscate data as other data\n- [**39**星][1m] [Shell] [dlshad/openvpn-shapeshifter](https://github.com/dlshad/openvpn-shapeshifter) This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will allow you to bypass the DPI blockage on OpenVPN. This setup will offer the users the freedom to choose between regular OpenVPN connection or obfuscated one, they actually can use both! OpenVPN is the VPN pro…\n- [**37**星][4m] [Shell] [hromie/obfs4proxy-openvpn](https://github.com/hromie/obfs4proxy-openvpn) Obfuscating OpenVPN traffic using obfs4proxy\n- [**36**星][4m] [Visual Basic] [doctorlai/vbscript_obfuscator](https://github.com/doctorlai/vbscript_obfuscator) The VBScript Obfuscator written in VBScript\n- [**33**星][1y] [C] [mmyydd/relative-pattern](https://github.com/mmyydd/relative-pattern) Recover control flow graph from obfuscated codes\n- [**33**星][1m] [C++] [hikariobfuscator/core](https://github.com/hikariobfuscator/core) Shared Obfuscation Core\n- [**31**星][1y] [C] [segnolin/vobfus](https://github.com/segnolin/vobfus) virtualization obfuscator inspired by juhajong/vm-obfuscator\n- [**29**星][5m] [Java] [rabrg/refactored-client](https://github.com/rabrg/refactored-client) Refactoring the obfuscated v317 of the RuneScape (RuneTek 3) client.\n- [**29**星][6m] [Java] [guardianproject/pluto](https://github.com/guardianprojec","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaseclab%2Fobfuscation-stuff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphaseclab%2Fobfuscation-stuff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaseclab%2Fobfuscation-stuff/lists"}