Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cybercentrecanada/assemblyline-service-overpower
Assemblyline 4 PowerShell emulation and static analysis tool
assemblyline malware-analysis powershell
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/cybercentrecanada/assemblyline-service-overpower
- Owner: CybercentreCanada
- License: mit
- Created: 2021-09-07T14:00:22.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-16T17:45:32.000Z (5 months ago)
- Last Synced: 2024-08-17T17:21:48.282Z (5 months ago)
- Topics: assemblyline, malware-analysis, powershell
- Language: Python
- Homepage: https://cybercentrecanada.github.io/assemblyline4_docs/
- Size: 619 KB
- Stars: 5
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
README
# Overpower Service
Uses *modified* open-source tools to de-obfuscate and score PowerShell files, such as:
* [PSDecode](https://github.com/R3MRUM/PSDecode): PowerShell script for de-obfuscating encoded PowerShell scripts
* [PowerShellProfiler](https://github.com/pan-unit42/public_tools/tree/master/powershellprofiler): Palo Alto Networks Unit42 tool for statically analyzing PowerShell scripts by de-obfuscating and normalizing the content, which is then profiled for behavioural indicators.

## Submission Parameters
Generic parameters:
* `tool_timeout`: The maximum length of time each tool is allowed to run for individually.
* `add_supplementary`: Select this if you want supplementary files to be added to the result.
PSDecode parameters:
* `fake_web_download`: A flag that is used for indicating if a web request to download a file to disk should be faked.