Comment on page

Static Analysis

Windows Defender
You can use DefenderCheck to split in a binaries into pieces, identifying the parts that trigger a detection.
Another tool would be Find-AVSignature for this (gist):
. .\Find-AVSignature.ps1;Find-AVSignature -StartByte 0 -EndByte max -Interval 10000 -Path C:\Users\xct\payload.exe -OutPath C:\Users\xct\out -Verbose -Force

Obfuscation

Next - Red Team

Concepts & Research

Last modified 9mo ago