./security/floss [FireEye Labs Obfuscated String Solver]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 1.6.1, Package name: floss-1.6.1
Maintained by: Remi Pointel
Master sites:
Description
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis
techniques to automatically deobfuscate strings from malware binaries. You can
use it just like strings.exe to enhance basic static analysis of unknown
binaries.
Rather than heavily protecting backdoors with hardcore packers, many malware
authors evade heuristic detections by obfuscating only key portions of an
executable. Often, these portions are strings and resources used to configure
domains, files, and other artifacts of an infection. These key features will not
show up as plaintext in output of the strings.exe utility that is commonly used
during basic static analysis.


Filesize: 106.72 KB
Version History (View Complete History)
  • (2020-07-31) Updated to version: floss-1.6.1
  • (2018-03-30) Package added to openports.se, version floss-1.5.0 (created)
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2020-07-30 23:19:31 by Remi Pointel | Files touched by this commit (3)
Log message:
update floss to 1.6.1.
   2019-07-12 14:49:09 by Stuart Henderson | Files touched by this commit (854)
Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes
   2019-05-15 06:04:43 by Kurt Mosiejczuk | Files touched by this commit (167)
Log message:
Add RUN_DEPENDS to TEST_DEPENDS automatically for ports using the
lang/python port module. I've not yet come up with a port that
would not need this and one can always set MODPY_TESTDEP to "no"
to prevent the module from touching TEST_DEPENDS.
Idea from afresh1 who pointed out the cpan module already does this.
aja "I support this move."
OK sthen@