Skip to content

CybercentreCanada/assemblyline-service-overpower

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

298 Commits

.vscode

.vscode

 
 

pipelines

pipelines

 
 

tests

tests

 
 

tools

tools

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Dockerfile

Dockerfile

 
 

LICENCE.md

LICENCE.md

 
 

README.md

README.md

 
 

overpower.py

overpower.py

 
 

pkglist.txt

pkglist.txt

 
 

requirements.txt

requirements.txt

 
 

service_manifest.yml

service_manifest.yml

 
 

Repository files navigation

Overpower Service

Uses modified open-source tools to de-obfuscate and score PowerShell files, such as:

  • PSDecode: PowerShell script for de-obfuscating encoded PowerShell scripts
  • PowerShellProfiler: Palo Alto Networks Unit42 tool for statically analyzing PowerShell scripts by de-obfuscating and normalizing the content which is then profiled for behavioural indicators.

Submission Parameters

Generic parameters:

  • tool_timeout: The length of time we will allow tools to individually run for.
  • add_supplementary: If you want supplementary files to be added to the result, select this. PSDecode parameters:
  • fake_web_download: A flag that is used for indicating if a web request to download a file to disk should be faked.

About

Assemblyline 4 PowerShell emulation and static analysis tool

cybercentrecanada.github.io/assemblyline4_docs/

Topics

powershell malware-analysis assemblyline

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 181

v4.5.0.stable4 Latest
Apr 18, 2024
+ 180 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages