AMSITrigger : The Hunt For Malicious Strings

AMSITrigger will identify all of the malicious strings in a powershell file, by repeatedly making calls to AMSI using AMSIScanBuffer .

Hunting For Malicious Strings

Usage

-i, –inputfile=VALUE Powershell filename
-u, –url=VALUE URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
-f, –format=VALUE Output Format:
1 – Only show Triggers
2 – Show Triggers with Line numbers
3 – Show Triggers inline with code
4 – Show AMSI calls (xmas tree mode)
-d, –debug Show Debug Info
-m, –maxsiglength=VALUE Maximum signature Length to cater for,
default=2048
-c, –chunksize=VALUE Chunk size to send to AMSIScanBuffer,
default=4096
-h, -?, –help Show Help

Download
R K

Share
Published by
R K
Tags: AMSITriggerMalicious Strings
3 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago