Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

De-Obfuscation Submissions

Published: 2009-06-30
Last Updated: 2009-06-30 16:01:18 UTC
by Chris Carboni (Version: 3)
1 comment(s)

Here are a list of sites that readers have submitted as being particularly useful for de-obfuscation.

Although it should go without saying, I'll say it anyway ... these tools may or may not have been tested.  Use them at your own risk.

From Pat:

The DNSStuff site provides some free tools one of which allows you to de-obfuscate URLs. The tools are can be found at http://www.dnsstuff.com/tools/tools/.

 From Andrewj (and several others):

There are many tools, but these are two of the easiest to use:

wepawet: http://wepawet.iseclab.org/

malzilla: http://sourceforge.net/project/showfiles.php?group_id=203466

 From Kevin:

I generally use:
http://www.yellowpipe.com/yis/tools/encrypter/index.php
http://scriptasylum.com/tutorials/encdec/encode-decode.html

 Jeffery adds:

http://www.johngaughan.net/toys/urldecode.php
http://www.greymagic.com/security/tools/decoder/
http://ln.hixie.ch/?start=1073090889&count=1

Richard offers:

This is a site I found recently that has come in handy for me:
http://www.crypo.com/

 Danny writes:

One of my own sites offers a set of tools for three simple deobfuscation types: base64, URL-encoding, and HTML entities. Entry page at: http://spamwars.com/tools.html

  

Christopher Carboni - Handler On Duty

Keywords: DeObfuscation
1 comment(s)
Diary Archives