https://github.com/RythmStick/AMSITrigger

The Hunt for Malicious Strings
https://github.com/RythmStick/AMSITrigger

Last synced: 5 months ago
JSON representation

The Hunt for Malicious Strings

• Host: GitHub
• URL: https://github.com/RythmStick/AMSITrigger
• Owner: RythmStick
• License: gpl-3.0
• Created: 2020-05-27T09:17:19.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2022-08-21T22:37:23.000Z (over 3 years ago)
• Last Synced: 2024-08-05T17:24:20.301Z (over 1 year ago)
• Language: C#
• Size: 60.5 KB
• Stars: 1,025
• Watchers: 13
• Forks: 151
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - RythmStick/AMSITrigger - The Hunt for Malicious Strings (C# #)

README

          
# AMSITrigger v3

## Hunting for Malicious Strings

### Usage:

    -i, -inputfile=VALUE       Powershell filename

    -u, -url=VALUE             URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1

    -f, -format=VALUE          Output Format:

                                  1 - Only show Triggers

                                  2 - Show Triggers with Line numbers

                                  3 - Show Triggers inline with code

                                  4 - Show AMSI calls (xmas tree mode)

    -d, -debug                 Show Debug Info

    -p, -pause=VALUE           Pause after displaying VALUE triggers  

    -m, -maxsiglength=VALUE    Maximum signature Length to cater for,

                                  default=2048

    -c, -chunksize=VALUE       Chunk size to send to AMSIScanBuffer,

                                  default=4096

    -h, -?, -help              Show Help

  

    

For details see https://www.rythmstick.net/posts/amsitrigger