Flerken - Obfuscated Command Detection Tool

Command line obfuscation has proved to be a non-negligible factor in fileless malware and in malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are used by red-team penetrations and even APT activities. Meanwhile, numerous obfuscators (tools that perform syntax transformation) are open sourced, making it increasingly effortless to obfuscate a given command.
However, suitable defenses remain few. For Linux command line obfuscation, we can barely find any detection tools. Concerning defenses against Windows command obfuscation, existing schemes turn out either to lack toolization or to resolve only part of the problem, sometimes even inaccurately.
To better facilitate obfuscation detection, we propose Flerken, a toolized platform that can be used to detect obfuscated Windows (CMD and PowerShell) and Linux (Bash) commands. The name Flerken is inspired by a cat-like yet extremely powerful creature from the Marvel universe. Flerken is built on a carefully collected set of black/white samples and is divided into two sub-schemes, namely Kindle (Windows obfuscation detector) and Octopus (Linux obfuscation detector). To optimize Flerken's classification performance, we adopt techniques such as machine learning, bi-directional feature filtering, and script sandboxing.

Documentation
For a detailed description of Flerken, please review our specification document here.

Quickstart
  • Installation

    Step 1: Ensure you have Python 3.x installed on your server; you can use the following command to check it.
    [root@server: $] python -V

    Step 2: Install the required components; all the prerequisite components are declared in requirement.txt.
    [root@server: $] pip install -r requirement.txt

    Step 3: Customize your Flerken app config as you want.
    Path: flerken/config/global_config.py

    Step 4: Now you can run it!
    [root@server: $] python runApp.py

    Step 5 (Optional): You can build your own whitelists to reduce the false positive rate.
    Path: flerken/config/whitelists/
  • How to use

    It's really easy to use, as shown in the following picture, and we will also release API interfaces soon.
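As an added illustration of the approach described above (feature-based scoring of command lines for Windows and Bash, plus a whitelist to cut the false positive rate), here is a small Python scorer. It is example code written for this page, not Flerken's own Kindle or Octopus implementation: the feature set, the hand-chosen weights, the whitelist format and the sample command lines are all assumptions constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed whitelist of operator-vetted command lines (stands in for flerken/config/whitelists/; format assumed)
WHITELIST = {"powershell -Command Get-Process", "ls -la /var/log"}
# Hand-chosen feature weights; a trained classifier, as Flerken uses, would learn these instead
WEIGHTS = {"special_ratio": 4.0, "escape_chars": 0.5, "quote_breaks": 1.0, "long_b64_token": 2.0, "hex_escapes": 0.5}

def shannon_entropy(s: str) -> float:
    """Bits per character; obfuscated commands tend to run higher than plain ones."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def extract_features(cmd: str) -> dict:
    """Syntactic features that rise when an obfuscator has transformed a command line."""
    n = max(len(cmd), 1)
    return {
        "entropy": shannon_entropy(cmd),
        "special_ratio": sum(not ch.isalnum() and not ch.isspace() for ch in cmd) / n,
        # CMD caret, PowerShell backtick and Bash backslash escapes split keywords apart
        "escape_chars": cmd.count("^") + cmd.count("`") + cmd.count("\\"),
        # quote insertion such as w"h"o"a"m"i, long base64-looking tokens, $'\x..' / %xx byte escapes
        "quote_breaks": len(re.findall(r"""["']{2,}|["']\w["']""", cmd)),
        "long_b64_token": int(bool(re.search(r"[A-Za-z0-9+/=]{40,}", cmd))),
        "hex_escapes": len(re.findall(r"\\x[0-9a-fA-F]{2}|%[0-9a-fA-F]{2}", cmd)),
    }

def score(cmd: str) -> float:
    """Linear score; entropy only counts above ~4 bits/char, where plain commands rarely go."""
    f = extract_features(cmd)
    return round(max(0.0, f["entropy"] - 4.0) + sum(w * f[k] for k, w in WEIGHTS.items()), 3)

def classify(cmd: str, threshold: float = 2.0) -> str:
    """Whitelist first (this is what cuts the false positive rate), then threshold the score."""
    if cmd.strip() in WHITELIST:
        return "whitelisted"
    return "obfuscated" if score(cmd) >= threshold else "clean"

# Constructed samples: plain, whitelisted, CMD caret-split (Kindle's domain), Bash hex-escaped (Octopus's domain)
SAMPLES = [
    "ping -c 4 example.com",
    "powershell -Command Get-Process",
    "c^m^d.e^x^e /c p^o^w^e^r^s^h^e^l^l -c Get-Date",
    r"$'\x6c\x73' -la",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{classify(cmd):<12} {score(cmd):>6}  {cmd}")
```

The threshold and weights are deliberately crude; the point is the pipeline shape (features, score, whitelist gate), which a learned model replaces with trained weights.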

Getting Help
If you have any questions or feedback on Flerken, please create an issue and choose a suitable label for it. We will resolve it as soon as possible.


Built-in third parties

Authors




Source: https://mederc.blogspot.com/2019/09/flerken-obfuscated-ascendency-detection.html