PowerShellArsenal – PowerShell For Reverse Engineering

Outsmart Malicious Hackers


PowerShellArsenal is basically PowerShell for reverse engineering in a module format. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyse/scrape memory, parse file formats and memory structures, obtain internal system information, etc.

PowerShellArsenal - PowerShell For Reverse Engineering

PowerShellArsenal is comprised of the following tools:

Disassembly – Disassemble native and managed code.
MalwareAnalysis – Useful tools when performing malware analysis.
MemoryTools – Inspect and analyze process memory.
Parsers – Parse file formats and in-memory structures.
WindowsInternals – Obtain and analyze low-level Windows OS information.
Misc – Miscellaneous helper functions.
Lib – Libraries required by some of the RE functions.


Usage

To install this module, drop the entire PowerShellArsenal folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.

To use the module, type:

To see the commands imported, type:

For help on each individual command, Get-Help is your friend.

You can download PowerShellArsenal here:

PowerShellArsenal-master.zip

Or read more here.


Posted in: Forensics, Programming

, , , , , , , , ,

Recent in Forensics:
- Androguard – Reverse Engineering & Malware Analysis For Android
- Volatility Framework – Advanced Memory Forensics Framework
- CuckooDroid – Automated Android Malware Analysis

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,683 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,993 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 32,298 views


No comments yet.

Leave a Reply