Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eastmountyxz/PowershellDetect
该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!
https://github.com/eastmountyxz/PowershellDetect
Last synced: about 2 months ago
JSON representation
该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!
- Host: GitHub
- URL: https://github.com/eastmountyxz/PowershellDetect
- Owner: eastmountyxz
- Created: 2022-03-20T10:00:11.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-05-04T14:54:14.000Z (over 2 years ago)
- Last Synced: 2024-11-16T22:33:17.935Z (about 2 months ago)
- Language: PowerShell
- Size: 32.2 KB
- Stars: 20
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - eastmountyxz/PowershellDetect - 该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助! (PowerShell)
README
# PowershellDetect
该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!LotL离地攻击:
- https://github.com/LOLBAS-Project/LOLBAS作者博客:
- Powershell恶意代码检测 (1)论文总结及抽象语法树(AST)提取
- Powershell恶意代码检测 (2)抽象语法树自动提取万字详解
- Powershell恶意代码检测 (3)Token关键词自动提取
- Powershell恶意代码检测 (4)混淆和反混淆
- Powershell恶意代码检测 (5)APT中的Powershell、常用数据集及数据标注实验## 一.学术论文
(1) Zhenyuan Li, et al. **Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts**. CCS, 2019: 1831-1847.
- https://dl.acm.org/doi/pdf/10.1145/3319535.3363187
- 浙江大学,最经典的一篇Powershell论文,详细介绍解混淆工作
- https://www.bilibili.com/video/av800038481/(2) Danny Hendler, et al. **Detecting Malicious PowerShell Commands using Deep Neural Networks**. AsiaCCS, 2018: 187-197.
- BGU、微软
- https://dl.acm.org/doi/pdf/10.1145/3196494.3196511(3) Danny Hendler, et al. **AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings**. AsiaCCS, 2020: 679-693
- BGU、微软
- https://dl.acm.org/doi/pdf/10.1145/3320269.3384742(4) 刘岳, 刘宝旭, 等. 基于特征组合的Powershell恶意代码检测方法[J]. 信息安全学报, 2021, 6(1): 40-53.
- 中科院信工所(5) Yong Fang, Xiangyu Zhou, Cheng Huang. Effective method for detecting malicious PowerShell scripts based on hybrid features. Neurocomputing, 448: 30-39 (2021).
- 四川大学
- https://www.sciencedirect.com/science/article/pii/S0925231221005099(6) 彭国军, 等. 基于深度学习的PowerShell恶意代码家族分类研究[J]. 武汉大学学报(理学版), 2022(1)
- 武汉大学国家网络安全学院(7) Gili Rusak, et al. AST-Based Deep Learning for Detecting Malicious PowerShell. CCS, 2018: 2276-2278.
- CSAIL, MIT, USA
- https://dl.acm.org/doi/10.1145/3243734.3278496(8) Chao Liu, et al. PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. ISCC, 2018: 825-831.
- 中科院信工所
- https://ieeexplore.ieee.org/document/8538691(9) Denis Ugarte, et al. PowerDrive: Accurate De-obfuscation and Analysis of PowerShell Malware. DIMVA,2019: 240-259.
- University of Cagliari
- https://link.springer.com/chapter/10.1007/978-3-030-22038-9_12(10) Jian Zhang, et al. **A Novel Neural Source Code Representation Based on Abstract Syntax Tree**. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), 2019.
- C语言抽象语法树
- https://ieeexplore.ieee.org/document/8812062(11) G. M. Malandrone, G. Virdis, G. Giacinto , D. Maiorca. **PowerDecode: a PowerShell Script Decoder Dedicated to Malware Analysis**. 5th Italian Conference on CyberSecurity (ITASEC), 2021.
- 解混淆工具
- https://github.com/Malandrone/PowerDecode(12) C. Xiong, Z. Li, et al. **Generic, efficient, and effective deobfuscation and semantic-aware attack detection for PowerShell scripts**. Frontiers of Information Technology & Electronic Engineering, vol.23, no.3, 2022, pp. 361-381.
- 浙大团队
- https://link.springer.com/article/10.1631/FITEE.2000436(13) A. Alahmadi, N. Alkhraan, et al. **MPSAutodetect: A Malicious Powershell Script Detection Model Based on Stacked Denoising Auto-Encoder**. Computers & Security, vol.116, 2022, p. 102658.
- https://www.sciencedirect.com/science/article/pii/S0167404822000578---
## 二.开源工具
**(1) github**
- https://github.com/danielbohannon/Invoke-Obfuscation
- https://github.com/Malandrone/PowerDecode
- https://github.com/zhangj111/astnn
- https://github.com/lzybkr/ShowPSAst
- https://github.com/thewhiteninja/deobshell**(2) 其他**
- https://powershell.one/powershell-internals/parsing-and-tokenization/abstract-syntax-tree
- https://powershell.one/powershell-internals/parsing-and-tokenization/simple-tokenizer
- https://docs.microsoft.com/en-us/dotnet/api/system.management.automation.psparser.tokenize?view=powershellsdk-7.0.0---
## 三.混淆及反混淆
----
## 四.抽象语法树
----
## 五.恶意性检测
---
By:Eastmount CSDN 2022-03-20