AMSITrigger: The Hunt For Malicious Strings

AMSITrigger identifies all of the malicious strings in a PowerShell file by repeatedly making calls to AMSI using AmsiScanBuffer.

Hunting For Malicious Strings

Usage

    -i, --inputfile=VALUE       Powershell filename
    -u, --url=VALUE             URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
    -f, --format=VALUE          Output Format:
                                  1 - Only show Triggers
                                  2 - Show Triggers with Line numbers
                                  3 - Show Triggers inline with code
                                  4 - Show AMSI calls (xmas tree mode)
    -d, --debug                 Show Debug Info
    -m, --maxsiglength=VALUE    Maximum signature Length to cater for,
                                  default=2048
    -c, --chunksize=VALUE       Chunk size to send to AMSIScanBuffer,
                                  default=4096
    -h, -?, --help              Show Help

R K
