[remi.pointel@xiri.fr: Fwd: [NEW] security/floss]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[remi.pointel@xiri.fr: Fwd: [NEW] security/floss]

Stuart Henderson
Forwarding because rpointel's mail didn't make it to the list for some
reason ...

Hi,

I just send you this mail to know if you correcly receive it.
I sent it 2 times to ports@, and I never receive it (and I don't see
them on public mirror mailing list).

Cheers,

Remi.

-------- Courriel original --------
Objet: [NEW] security/floss
Date: 10-03-2018 08:52
De: Remi Pointel <[hidden email]>
À: The OpenBSD ports mailing-list <[hidden email]>

Hi,

attached is the port of floss: FireEye Labs Obfuscated String Solver.

---------------------------------
$ pkg_info floss
Information for inst:floss-1.5.0

Comment:
FireEye Labs Obfuscated String Solver

Description:
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static
analysis
techniques to automatically deobfuscate strings from malware binaries.
You can
use it just like strings.exe to enhance basic static analysis of unknown
binaries.
Rather than heavily protecting backdoors with hardcore packers, many
malware
authors evade heuristic detections by obfuscating only key portions of
an
executable. Often, these portions are strings and resources used to
configure
domains, files, and other artifacts of an infection. These key features
will not
show up as plaintext in output of the strings.exe utility that is
commonly used
during basic static analysis.

Maintainer: Remi Pointel <[hidden email]>

WWW: https://github.com/fireeye/flare-floss
---------------------------------

Ok?

Cheers,

Remi.

floss-1.5.0.tar.gz (2K) Download Attachment