Awesome

所有收集类项目

Obfuscate

• 源码混淆和二进制混淆，包括多种语言和多个平台。250+工具和600+文章
• English Version

目录

• C/C++
  • advobfuscator -> (1)工具 (1)文章
  • (5) 工具
• dotNet
  • de4dot -> (2)工具 (2)文章
  • obfuscar -> (1)工具
  • confuserex -> (3)工具 (6)文章
  • (7) 工具
  • (10) 文章
• PowerShell
  • invoke-obfuscation -> (1)工具 (7)文章
  • (9) 工具
  • (33) 文章
• JavaScript
  • javascript-obfuscator -> (7)工具
  • baffle -> (1)工具
  • jstillery -> (1)工具
  • (16) 工具
  • (64) 文章
• LLVM
  • obfuscator -> (7)工具
  • armariris -> (1)工具 (1)文章
  • tigress -> (1)工具
  • (10) 工具
  • (18) 文章
• Shellcode -> (6)工具 (7)文章
• Bash
  • bashfuscator -> (1)工具 (1)文章
  • (2) 工具
  • (3) 文章
• PHP
  • php-obfuscator -> (1)工具
  • yakpro-po -> (1)工具
  • optimus -> (2)工具
  • (11) 工具
  • (9) 文章
• Go
  • gobfuscate -> (1)工具
  • (1) 工具
• Office
  • macro_pack -> (1)工具 (4)文章
  • maliciousmacrogenerator -> (1)工具
  • (2) 工具
  • (16) 文章
• Python
  • pyminifier -> (1)工具
  • pyarmor -> (1)工具
  • neopi -> (1)工具 (2)文章
  • intensio-obfuscator -> (1)工具 (1)文章
  • (15) 工具
  • (10) 文章
• Android
  • simplify -> (1)工具
  • (14) 工具
  • (36) 文章
• Apple
  • stcobfuscator -> (1)工具
  • (13) 工具
  • (11) 文章
• Java
  • nullproguard -> (1)工具
  • (12) 工具
  • (11) 文章
• CMD
  • invoke-dosfuscation -> (1)工具 (2)文章
  • (1) 文章
• 其他
  • flare-floss -> (1)工具 (1)文章
  • demovfuscator -> (1)工具
  • hexraysdeob -> (2)工具
  • callobfuscator -> (1)工具
• 恶意代码 -> (83)文章
• 新添加-混淆 -> (78)工具 (262)文章
• 新添加-反混淆 -> (33)工具 (43)文章

<a id="a2c94541e733dc4166fe521723fd7c6c"></a>C/C++

<a id="fd70575410bcb9be603da4ba98a90d25"></a>advobfuscator

<a id="f1f170331704c576aae1e098f0536207"></a>工具

• [551星][13d] [C++] andrivet/advobfuscator Obfuscation library based on C++11/14 and metaprogramming

<a id="be4c569839c5a792ee8064cf719559f3"></a>文章

• 2019.10 [vkremez] Let's Learn: Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution: "snowman" & ADVObfuscator

<a id="1b245f51ff55d7555771f6f7fc898d9b"></a>工具

• [303星][4y] [C++] kgretzky/obfusion bfusion - C++ X86 Code Obfuscation Library
• [182星][12d] [C++] fritzone/obfy A tiny C++ obfuscation framework
• [130星][2y] [C++] urshadow/stringobfuscator Compile-time string obfuscation (C++14)
• [126星][6m] [C++] adamyaxley/obfuscate Guaranteed compile-time string literal obfuscation header-only library for C++14
• [39星][3y] [Assembly] macmade/obfuscate C/C++ machine code obfuscation.

<a id="84c03c34128be291e0eb12ad0077d463"></a>dotNet

<a id="c71a6f960ce8f44b0c57a702d37bc62e"></a>de4dot

<a id="bba0578aff98faeaa63a64270eeefd70"></a>工具

• [4114星][12d] [C#] 0xd4d/de4dot .NET 反混淆和脱壳
• [256星][18d] [C#] brianhama/de4dot .NET deobfuscator and unpacker.

<a id="b8e2b8b6b8de8b1efeaa73615af96da9"></a>文章

• 2018.01 [MalwareAnalysisForHedgehogs] Malware Analysis - When De4dot fails, Removing Anti Tamper from NullShield
• 2018.01 [MalwareAnalysisForHedgehogs] Malware Analysis - Deobfuscating .NET Assemblies with De4Dot

<a id="ea08f203ed7f87206ebad95ca3839c9a"></a>obfuscar

<a id="edf4e9a6332261c63567b43fb268170b"></a>工具

• [811星][12d] [C#] obfuscar/obfuscar Open source obfuscation tool for .NET assemblies

<a id="cc94a1b81d3a80ae7b14dc89bc0099a1"></a>confuserex

<a id="99d1eb9438dc7041f9f3c8c295e8697c"></a>工具

• [312星][13d] [C#] xenocoderce/neo-confuserex Updated ConfuserEX, an open-source, free obfuscator for .NET applications
• [207星][4m] [C#] bedthegod/confuserex-mod-by-bed Beds Protector | Best free obfuscation out right now
• [196星][4y] [C#] codeshark-dev/nofuserex Free deobfuscator for ConfuserEx.

<a id="872cfe60ef217b4f256f1a8cae75b76c"></a>文章

• 2019.08 [markmotig] I am loving ConfuserEx/Neo-ConfuserEx for C# obfuscation
• 2019.08 [markmotig] Neo-ConfuserEX the successor of ConfuserEX for obfuscation
• 2019.08 [markmotig] Quick Introduction to ConfuserEX
• 2017.12 [360] Recam终极版：如何一步步脱掉ConfuserEx保护壳（下）
• 2017.12 [360] Recam终极版：如何一步步脱掉ConfuserEx保护壳（上）
• 2017.12 [talosintelligence] 脱自定义 ConfuserEx 壳, 分析其 Payload

<a id="ddbbfd6185056c550c66b7ebb96ff1e3"></a>工具

• [131星][2y] [C#] xenocoderce/noisette-obfuscator An Obfuscator for .NET assembly
• [73星][16d] [C#] holly-hacker/dnspy.extension.holly A dnSpy extension to aid reversing of obfuscated assemblies
• [47星][5m] rustemsoft/skater-.net-obfuscator 一个用于.net代码保护的混淆工具
• [37星][2y] [C#] codeofdark/panda-obfuscator PandaObfuscator an simple Obfuscator, free, OpenSource for .Net Applications
• [24星][4y] [C#] tum-i22/vot4cs C#虚拟化混淆工具
• [19星][4m] [C#] dentrax/z00bfuscator Z00bfuscator is the simple, open-source, cross-platform obfuscator for .NET Assemblies built on .NET Core
• [None星]notprab/.net-deobfuscator Lists of .NET Deobfuscator and Unpacker (Open Source)

<a id="61b574ca3dfbaad3735d0439ee178369"></a>文章

• 2016.12 [securityblog] Open source .NET deobfuscator and unpacker
• 2013.11 [digitaloperatives] Programmatic String Deobfuscation in .NET Malware
• 2013.11 [digitaloperatives] Programmatic String Deobfuscation in .NET Malware
• 2013.10 [forcepoint] PHP.net compromised, serving up obfuscated content
• 2013.04 [pediy] [翻译].NET混淆器Dotfuscator的五大看点
• 2013.03 [pediy] [原创].Net 下的混淆器作用原理
• 2010.09 [pediy] [原创]DotNet混淆后程序的破解
• 2006.12 [pediy] 从reflector实现看.net的混淆与反混淆技术[原创]
• 2006.11 [pediy] [原创]数据结构在.net反流程混淆中的应用[看雪学院2006金秋读书季]
• 2004.10 [sans] Microsoft ASP.NET vulnerability, URL obfuscation, more MD5

<a id="30080561801b17f95ec33f3e9c55d207"></a>PowerShell

<a id="cdbcb10be06d54ebf90abd82ff0c09a2"></a>invoke-obfuscation

<a id="2da46403d168dd32c2e334a944ceab58"></a>工具

• [1450星][1y] [PS] danielbohannon/invoke-obfuscation PowerShell Obfuscator

<a id="0d49b3282f2af5712568ec4c3eb5267b"></a>文章

• 2018.08 [cqureacademy] Going Undercover With Invoke-Obfuscation
• 2017.12 [danielbohannon] The Invoke-Obfuscation Usage Guide :: Part 2
• 2017.12 [danielbohannon] Invoke-Obfuscation 使用指南(Part 1)
• 2017.11 [pcsxcetrasupport3] De-obfuscating a PowerShell Script Obfuscated by Invoke-Obfuscation
• 2017.01 [trustedsec] TrustedSec Security Podcast Ep: 2.5 – Mirai, Rudy Cyber head, ransomware, Invoke-Obfuscation and more!
• 2016.10 [danielbohannon] Invoke-Obfuscation v1.1 (coming Sunday, Oct 9)
• 2016.09 [danielbohannon] Invoke-Obfuscation :: Public Release

<a id="c3c5478b6d8cedce40ff35a282323b28"></a>工具

• [505星][2y] [PS] danielbohannon/invoke-cradlecrafter PowerShell Remote Download Cradle Generator & Obfuscator
• [451星][2y] [PS] danielbohannon/revoke-obfuscation PowerShell Obfuscation Detection Framework
• [204星][5m] [PS] r3mrum/psdecode PowerShell script for deobfuscating encoded PowerShell scripts
• [143星][4m] [Py] cbhue/pyfuscation Obfuscate powershell scripts by replacing Function names, Variables and Parameters.
• [89星][3y] [PS] danielbohannon/out-fincodedcommand POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities
• [42星][11d] [Py] cwolff411/powerob An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.
• [13星][6m] [PS] gh0x0st/invoke-psobfuscation A Red and Blue team introduction into PowerShell obfuscation
• [3星][1y] [Py] 3nc0d/powershell-obfuscator Powerful script for logical obfuscation of powershell scripts
• [1星][11m] [Py] secureyourself7/powershell_code_basic_obfuscation Simple PowerShell Script Code Obfuscator written in Python

<a id="8ff1250f3de2e32e3091204bccb98cb9"></a>文章

• 2019.11 [freebuf] 分析银行木马的恶意快捷方式及混淆的Powershell
• 2019.11 [4hou] Unit42发布powershell自动反混淆工具
• 2019.10 [HackersOnBoard] Black Hat USA 2017 Revoke Obfuscation PowerShell Obfuscation Detection And Evasion Using Science
• 2019.07 [PowerShellConferenceEU] Daniel Bohannon - PesterSec: Using Pester & ScriptAnalyzer to Detect Obfuscated PowerShell
• 2019.06 [beny] Weaponization: Howto Fully Undetectable Empire Powershell MS macro (VBA obfuscation & Stomping)
• 2019.04 [arxiv] [1904.10270] PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
• 2019.03 [xednaps] WannaMine dropper – Powershell Obfuscation
• 2019.02 [4hou] Powershell混淆——使用安全字符串
• 2019.01 [sans] "Invoke Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e'Tec'T 'Th'+'em' "
• 2018.12 [4hou] 尝试根据字符频度检测Powershell混淆
• 2018.11 [yoroi] Dissecting the Mindscrew-Powershell Obfuscation
• 2018.11 [pediy] [翻译]Powershell 代码反混淆技术研究
• 2018.10 [aliyun] 反混淆powershell
• 2018.10 [endgame] Deobfuscating PowerShell: Putting the Toothpaste Back in the Tube
• 2018.08 [aliyun] 反混淆Emotet powershell payload
• 2018.08 [360] 解混淆Emotet powershell payload
• 2018.06 [PowerShellConferenceEU] Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science - Daniel Bohannon
• 2018.02 [dissectmalware] Obfuscated PowerShell Script 2 – Emotet
• 2017.12 [4hou] PSAmsi：四两拨千斤实现PowerShell代码混淆隐藏
• 2017.12 [4hou] 基于AST抽象语法树的PowerShell代码混淆技术
• 2017.11 [360] 基于抽象语法树的PowerShell混淆技术
• 2017.11 [cobbr] AbstractSyntaxTree-Based PowerShell Obfuscation
• 2017.09 [jaapbrasser] Decipher obfuscated URLs with PowerShell
• 2017.09 [softscheck] Deobfuscating VBA & PowerShell Scripts of an Emotet Trojan Downloader
• 2017.08 [360] 根据powershell语言的特性来混淆代码的方法与原理
• 2017.08 [n0where] PowerShell Obfuscation Detection Framework: Revoke-Obfuscation
• 2017.07 [fireeye] Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science
• 2017.06 [] 无文件应用程序白名单绕过以及 Powershell 混淆
• 2017.06 [mikefrobbins] Simple Obfuscation with PowerShell using Base64 Encoding
• 2017.06 [freebuf] Powershell编码与混淆
• 2017.04 [cobbr] Trying to Detect PowerShell Obfuscation Through Character Frequency
• 2017.03 [danielbohannon] PowerShell执行参数混淆
• 2017.03 [cobbr] ObfuscatedEmpire - Use an obfuscated, in-memory PowerShell C2 channel to evade AV signatures

<a id="577bc949bc0fe3b90ecb3a9c0b1c1ed5"></a>JavaScript

<a id="ae1e799313605fde936a5df7fc840791"></a>javascript-obfuscator

<a id="aaf0bc80064e2b45b47ea105845170eb"></a>工具

• [4393星][12d] [TS] javascript-obfuscator/javascript-obfuscator 一个强大的JavaScript和Node.js模糊器，包含为源代码提供保护的各种特性
• [355星][9d] [TS] javascript-obfuscator/webpack-obfuscator javascript-obfuscator plugin for Webpack
• [107星][4m] [JS] javascript-obfuscator/javascript-obfuscator-ui A web UI to the JavaScript Obfuscator node.js package.
• [70星][1m] [JS] javascript-obfuscator/gulp-javascript-obfuscator Gulp plugin for javascript-obfuscator package.
• [40星][12d] [JS] javascript-obfuscator/obfuscator-loader A webpack loader for obfuscating single modules using javascript-obfuscator
• [33星][8m] [JS] tomasz-oponowicz/grunt-javascript-obfuscator Obfuscates JavaScript files using amazing javascript-obfuscator.
• [16星][4m] [JS] javascript-obfuscator/grunt-contrib-obfuscator Grunt plugin for the javascript-obfuscator package.

<a id="1c0dcabc5b79a2d8f4899a8e9ca2f36b"></a>baffle

<a id="d15b1412b27cdc2c1e8500ea4f1c4349"></a>工具

• [1665星][3y] [JS] camwiegert/baffle 一个用于混淆和显示DOM元素中的文本的小型javascript库。

<a id="cd762c212e2232c1fd546ee849389e4c"></a>jstillery

<a id="349caa785e37967df92949298672c895"></a>工具

• [530星][1y] [JS] mindedsecurity/jstillery Advanced JavaScript Deobfuscation via Partial Evaluation

<a id="2d5d6380eecf903466ebcaf5c05f19b8"></a>工具

• [314星][10m] [JS] hynekpetrak/malware-jail 半自动Javascript恶意软件分析的沙箱，去混淆和Payload提取
• [269星][12d] [JS] lelinhtinh/de4js JavaScript Deobfuscator and Unpacker
• [207星][30d] [JS] chichou/etacsufbo 基于 AST 变换的简易 Javascript 反混淆辅助工具
• [85星][29d] [JS] rapid7/jsobfu Obfuscate JavaScript (beyond repair) with Ruby
• [83星][4m] [JS] zswang/jfogs JavaScript Obfuscator
• [79星][5m] [HTML] szimeus/evalyzer Using WinDBG to tap into JavaScript and help with deobfuscation and browser exploit detection
• [73星][17d] [TS] geeksonsecurity/illuminatejs IlluminateJs is a static JavaScript deobfuscator
• [40星][14d] [JS] anseki/gnirts Obfuscate string literals in JavaScript code.
• [35星][7m] [PHP] propaganistas/email-obfuscator A text filter for automatic email obfuscation using the well-established Javascript and a CSS fallback:
• [26星][1y] [JS] alexhorn/defendjs A free and open source JavaScript and Node.js obfuscator.
• [26星][4m] [Py] aurore54f/jast Syntactic detection of malicious (obfuscated) JavaScript files
• [23星][1y] [JS] veggiedefender/marveloptics_malware Deobfuscated + reverse engineered javascript malware
• [10星][7y] [Py] lucianogiuseppe/js-auto-deobfuscator JSADO automatically deobfuscates javascript scripts which use eval or some other function
• [2星][8m] [Haskell] prate658/hajas JavaScript deobfuscator
• [2星][3m] [JS] filipemgs/poisonjs PoisonJS - De-obfuscate eval-based JavaScript obfuscation with monkey-patched eval(-like) functions.
• [1星][2y] [JS] enzou/javascript2img_decoder Decoder for JavaScript code which was obfuscated by JavaScript2img

<a id="7b882dac0338cd3b78b1d2863dd61f4b"></a>文章

• 2019.09 [antoinevastel] Benchmarking our JavaScript obfuscator
• 2019.09 [antoinevastel] Improving our homemade JavaScript obfuscator
• 2019.09 [antoinevastel] A simple homemade JavaScript obfuscator
• 2019.09 [bromium] Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader
• 2019.08 [SecurityWeekly] Deobfuscating JavaScript to Investigate Phishing Domains - PSW #617
• 2019.04 [freebuf] 如何使用JavaScript混淆来躲避AV
• 2019.04 [netsparker] Announcing the Deobfuscating JavaScript White Paper
• 2019.03 [360] 恶意代码使用JavaScript混淆规避反病毒程序
• 2019.03 [yoroi] Evading AV with JavaScript Obfuscation
• 2019.01 [fuzzysecurity] Angler EK JavaScript Deobfuscation: The Emperor Has No Clothes
• 2018.10 [sucuri] Obfuscated JavaScript Cryptominer
• 2018.04 [pediy] [翻译]通过Javascript中的CFI实现混淆阻止解密分析
• 2017.07 [freebuf] 从javascript脚本混淆说起
• 2017.06 [vkremez] "Amazon Order Cancelled": Weight Loss Spam Campaign via Obfuscated JavaScript
• 2017.05 [netskope] Obfuscated Javascript Malware using Cloud Services
• 2017.05 [intrinsec] Malware : désobfuscation d’un Javascript encodé
• 2017.04 [ColinHardy] Emotet JavaScript dropper deobfuscation and analysis
• 2017.03 [sans] Nicely Obfuscated JavaScript Sample
• 2017.02 [metabrik] Deobfuscate JavaScript from the command line made easy
• 2017.01 [CodeColoristX] 一例简易静态 Javascript 反混淆
• 2016.11 [netskope] Manually Deobfuscating Strings Obfuscated in Malicious JavaScript Code
• 2016.08 [sans] Spam with Obfuscated Javascript
• 2016.07 [doyler] JavaScript Deobfuscation (ABCTF2016 – JS Pls)
• 2016.06 [] Automatically deobfuscate eval packed javascript with node.js
• 2016.06 [mcafee] Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript
• 2016.06 [mcafee] Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript
• 2016.05 [jeffsoh] Excellent Manual Javascript Deobfuscation Walk through
• 2016.05 [theevilbit] JavaScript deobfuscation: criminal case against you.wsf
• 2016.03 [freebuf] 技术分享：几种常见的JavaScript混淆和反混淆工具分析实战
• 2016.02 [jeffsoh] JavaScript Deobfuscation Update
• 2016.02 [sans] Locky: JavaScript Deobfuscation
• 2016.02 [sans] More Malicious JavaScript Obfuscation
• 2016.01 [sans] JavaScript Deobfuscation Tool
• 2016.01 [360] Javascript Deobfuscator：JavaScript反混淆工具更新
• 2015.12 [] estools 辅助反混淆 Javascript
• 2015.09 [trustwave] Lessons in Spam JavaScript Obfuscation Layers
• 2015.08 [knownsec] 使用 estools 辅助反混淆 Javascript
• 2013.09 [pwndizzle] How not to Obfuscate your Javascript
• 2013.02 [jeffsoh] JavaScript Deobfuscation
• 2012.10 [defensecode] Diving into recent 0day Javascript obfuscations
• 2012.09 [techyzilla] Better Javascript Obfuscating Method To Protect Your Code
• 2012.07 [jeffsoh] JavaScript unescape obfuscated code
• 2012.06 [sans] Using JSDetox to Analyze and Deobfuscate Javascript
• 2012.04 [hiddenillusion] Deobfuscating JavaScript with Malzilla
• 2012.04 [sans] Blacole's obfuscated JavaScript
• 2012.03 [sans] Phishing with obfuscated javascript, shellcode and malware
• 2012.01 [sans] The tale of obfuscated JavaScript continues
• 2011.12 [sans] V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
• 2011.07 [rapid7] Javascript Obfuscation in Metasploit
• 2011.03 [talosintelligence] Attack Obfuscation - Not Just For JavaScript
• 2010.12 [talosintelligence] Detecting Obfuscated Malicious JavaScript with Snort and Razorback
• 2010.09 [kkotowicz] Creating, obfuscating and analyzing malware JavaScript
• 2010.06 [trustedsec] Anti-Virus Evasion through JavaScript Obfuscation
• 2010.04 [forcepoint] Multi-layer Obfuscated JavaScript Using Twitter API
• 2010.04 [sans] JavaScript obfuscation in PDF: Sky is the limit
• 2009.05 [talosintelligence] Gumblar and More On Javascript Obfuscation
• 2009.04 [sans] Advanced JavaScript obfuscation (or why signature scanning is a failure)
• 2009.02 [talosintelligence] Detecting Silly Javascript Obfuscation Techniques
• 2008.07 [sans] Obfuscated JavaScript Redux
• 2008.04 [sans] Advanced obfuscated JavaScript analysis
• 2008.04 [sans] Mixed (VBScript and JavaScript) obfuscation
• 2007.10 [sans] Deobfuscating javascript
• 2007.08 [sans] Raising the bar: dynamic JavaScript obfuscation
• 2006.07 [sans] Browser does matter, not only for vulnerabilities - a story on JavaScript deobfuscation

<a id="d4d25fcc4b3c99e23d0057b7b16b9c31"></a>LLVM

<a id="85d98a2a3d190ff4a881fb9fee756981"></a>obfuscator

<a id="d7e2adf8a51047f3d3cfa9ba79917cd5"></a>工具

• [2113星][12d] obfuscator-llvm/obfuscator Obfuscator-LLVM
• [1182星][4m] hikariobfuscator/hikari LLVM Obfuscator
• [249星][12d] [Py] rpisec/llvm-deobfuscator Performs the inverse operation of the control flow flattening pass performed by LLVM-Obfuscator
• [71星][12d] [C++] qtfreet00/llvm-obfuscator ollvm based on llvm 5.0 release
• [39星][6m] [Shell] lawliet89/llvm-obfuscator LLVM Obfuscator
• [32星][4m] [C++] exorxw/kylin-llvm-obfuscator based on llvm 5.0.1 release with ollvm
• [28星][19d] [C++] tsarpaul/llvm-string-obfuscator LLVM String Obfuscator

<a id="245340b4b00837dba6574ffb7b30fbbd"></a>armariris

<a id="b2c0d5760dc0d1049ea3c9f19b8e421c"></a>工具

• [691星][12m] [C++] gossip-sjtu/armariris 由上海交通大学密码与计算机安全实验室维护的LLVM混淆框架

<a id="76c686c5eff38ffc4ac7cdc7de5a3e53"></a>文章

• 2019.06 [360] 使用unicorn engin还原Armariris字符串混淆

<a id="6b9473302b708b7d1d113da799f07caa"></a>tigress

<a id="7bef6a80765d31fd23f41c83b88fdfbe"></a>工具

• [475星][7m] [LLVM] jonathansalwan/tigress_protection Playing with the Tigress binary protection. Break some of its protections and solve some of its challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.

<a id="9769f77c9be1d1a84c70892ed86a1b69"></a>工具

• [199星][4y] [Py] f8left/decllvm IDA plugin for OLLVM analysis
• [178星][11d] [Py] amimo/ollvm-breaker 使用Binary Ninja去除ollvm流程平坦混淆
• [158星][6y] [C] fuzion24/androidobfuscation-ndk Example of obfuscating an Android NDK project using O-LLVM
• [101星][12d] amimo/goron Yet another llvm based obfuscator
• [52星][4m] [Py] sfwishes/ollvm_de_fla deobfuscation ollvm's fla
• [29星][15d] [C++] allocandinit/ollvm5.0.1 obfuscator 基于 llvm 5.0.1 版本
• [16星][1m] [Py] get1t/deollvm64 deobfuscator llvm arm64 script
• [14星][15d] [Shell] nickdiego/docker-ollvm Easily build and package Obfuscator-LLVM into Android NDK.
• [10星][2m] [Py] get1t/deollvm deollvm arm64 based unicorn
• [None星][Py] maiyao1988/deobf An arm32 ollvm like deofuscator,aim to remove obfuscation made by ollvm like compiler

<a id="f6d3af2c0d95023e3bb1136dc15f1760"></a>文章

• 2019.11 [aliyun] 使用IDA microcode去除ollvm混淆(下)
• 2019.11 [zimperium] SATURN Software deobfuscation framework based on LLVM
• 2019.11 [aliyun] 使用IDA microcode去除ollvm混淆(上)
• 2019.09 [quarkslab] Obfuscating Java bytecode with LLVM and Epona
• 2019.08 [mediacccde] LO! An LLVM Obfuscator - deutsche Übersetzung
• 2019.08 [mediacccde] LO! An LLVM Obfuscator
• 2019.08 [BornHack] BornHack 2019 - Klondike - LO! An LLVM Obfuscator
• 2019.05 [SecurityFest] Calle Svensson - Software Obfuscation with LLVM - SecurityFest 2019
• 2019.01 [pediy] [原创]ollvm字符混淆修复
• 2018.10 [pediy] [原创] obfuscator-llvm-3.6.1 的 VS2017 win32 修正编译
• 2018.04 [pediy] [原创]ollvm快速学习
• 2018.02 [pediy] [翻译]LLVM代码混淆分析及逻辑还原
• 2017.07 [360] 为OLLVM添加字符串混淆功能
• 2017.05 [pediy] [原创]ollvm的混淆反混淆和定制修改
• 2017.03 [freebuf] 反混淆：恢复被OLLVM保护的程序
• 2016.07 [pediy] 基于LLVM IR的源代码混淆的实现
• 2015.05 [yurichev] 16-May-2015: Tweaking LLVM Obfuscator + quick look into some of LLVM internals.
• 2014.12 [quarkslab] Deobfuscation: recovering an OLLVM-protected program

<a id="0328c02993be94615d01d76523e36181"></a>Shellcode

<a id="b5e505df69ad535815bc8de542a3de1d"></a>工具

• [506星][21d] [Py] zdresearch/owasp-zsc Shellcode/混淆代码生成器
• [195星][2y] [Py] mr-un1k0d3r/unibyav a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly.
• [148星][4y] [Py] kgretzky/python-x86-obfuscator This is a WIP tool that performs shellcode obfuscation in x86 instruction set.
• [45星][20d] [Py] eteissonniere/elidecode The tool to decode obfuscated shellcodes using the unicorn and capstone engine
• [44星][4m] [Py] offsecginger/pythonaesobfuscate Obfuscates a Python Script and the accompanying Shellcode.
• [13星][4m] [C++] hoodoer/enneos Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.

<a id="51bac3d27fdaecd233193017ce3d4d63"></a>文章

• 2020.04 [morphisec] Lokibot with AutoIt Obfuscator + Frenchy Shellcode
• 2017.08 [zerosum0x0] 在线版 混淆字符串/Shellcode 生成器
• 2017.02 [csyssec] X86 Shellcode代码混淆(一)
• 2016.06 [breakdev] X86 Shellcode Obfuscation - Part 3
• 2016.05 [breakdev] X86 Shellcode Obfuscation - Part 2
• 2016.05 [breakdev] X86 Shellcode Obfuscation - Part 1
• 2014.03 [zairon] Obfuscated shellcode inside a malicious RTF document

<a id="c8158811d160a448a6e6a6882f0264de"></a>Bash

<a id="f389d3f7f415b93580a50575af01fc6e"></a>bashfuscator

<a id="206537811e24bd1f3cd8b6500a27fb6b"></a>工具

• [495星][8m] [Py] bashfuscator/bashfuscator 一个完全可配置和可扩展的Bash混淆框架。

<a id="7ee0b9cda87c045044c9dfa652d0ffb6"></a>文章

• 2018.12 [0x00sec] Yes, Bash Can Get Uglier: Introducing Bashfuscator, A Bash Obfuscation Framework

<a id="3e62e2c37b74248c36b27d9c4aec23b7"></a>工具

• [80星][9m] [PHP] rizer0/blind-bash Obfuscate your Bash Code
• [19星][2m] [JS] willshiao/node-bash-obfuscate A Node.js CLI tool and library to heavily obfuscate bash scripts.

<a id="cb790718e94e549a264a6fa6b5c4bfa6"></a>文章

• 2018.11 [ironcastle] Obfuscated bash script targeting QNap boxes, (Mon, Nov 26th)
• 2018.11 [sans] Obfuscated bash script targeting QNap boxes
• 2014.10 [f5] Shellshock: Malicious Bash, Obfuscated perlb0t, Echo Probes, and More

<a id="f9bf00d928effb18d2a237b5b2e3d5be"></a>PHP

<a id="c53e3f5adb0a0312666a2b0a75afc0a7"></a>php-obfuscator

<a id="7b9b1b71da2ba028093266e3a5e13f1d"></a>工具

• [417星][4m] [PHP] naneau/php-obfuscator A parsing PHP obfuscator

<a id="bd9e590d98dbbad1ba3e1578fb60ac17"></a>yakpro-po

<a id="74c2beb1b94aa72829a9eef190c0448b"></a>工具

• [551星][9d] [PHP] pk-fr/yakpro-po YAK Pro - Php Obfuscator

<a id="531f45736bfe4f930def4c40029af8d8"></a>optimus

<a id="5fa6b1a17d15dacdd357631f392762de"></a>工具

• [1001星][12d] [PHP] jenssegers/optimus 根据Knuth的整数散列将内部id转换为模糊整数。它类似于hashid，但将生成整数而不是随机字符串。它也非常快
• [100星][4m] [PHP] cybercog/laravel-optimus Transform your internal id's to obfuscated integers based on Knuth's integer hash. Laravel wrapper for the Optimus Library by Jens Segers with multiple connections support.

<a id="3b5533d8ba7e27c1cae2993919aca8a2"></a>工具

• [96星][4m] [PHP] ph-7/obfuscator-class Simple and effective Obfuscator PHP class (this is not a stupid base64 encoding script, but a real and effective obfuscation script)
• [72星][18d] [PHP] bediger4000/php-malware-analysis Deobfuscation and analysis of PHP malware captured by a WordPress honey pot
• [70星][3y] [Py] antelox/fopo-php-deobfuscator A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator -
• [49星][5m] [PHP] bediger4000/reverse-php-malware De-obfuscate and reverse engineer PHP malware
• [25星][1m] [Py] zigzag2050/mzphp2-deobfuscator A de-obfuscate tool for code generated by mzphp2. 用于解混淆mzphp2加密的php文件的工具。
• [22星][5m] coldev/coldevprolayer Protect your PHP code with obfuscation and encryption
• [18星][3m] [PHP] darsyn/obfuscator Obfuscate PHP source files with basic XOR encryption in userland code at runtime.
• [12星][1m] [PHP] ammarfaizi2/php-integral-obfuscator PHP Integral Obfuscator
• [10星][4y] [PHP] k0u5uk3/obfuscated-php-webshell-detector obfuscated-php-webshell-detector - Detect PHP Webshell in obfusucation
• [10星][12m] [PHP] th1k404/unishell A piece of php webshell which are using khmer unicode and yak obfuscator to be undetectable and silently.
• [9星][1m] [PHP] simon816/phpdeobfuscator Advanced PHP deobfuscator

<a id="b340e8a1c2de74fb198271d3a14e962f"></a>文章

• 2020.03 [aliyun] 开发简单的PHP混淆器与解混淆器
• 2019.08 [0x00sec] Reverse Obfuscated PHP Code
• 2019.05 [detectify] How-to Tutorial: PHP Webshell De-Obfuscation
• 2014.07 [coder] PHP script deobfuscation for dummies
• 2012.05 [freebuf] php的代码混淆工具-carbylamine
• 2012.01 [coder] PHP script deobfuscation for dummies
• 2010.11 [e] php code obfuscator
• 2010.04 [coder] PHP Obfuscator by dx
• 2009.06 [gamelinux] Obfuscating php code with base64

<a id="3ef488c941a5684f3336975b7df1d9b7"></a>Go

<a id="3ba2cf7fe57eaa3a81129e99e70fd77b"></a>gobfuscate

<a id="09d794248c8032a5baf2e26147bf78cf"></a>工具

• [404星][11d] [Go] unixpickle/gobfuscate Obfuscate Go binaries and packages

<a id="33c1998f141ab7b059ee273fec12f0f7"></a>工具

• [201星][13d] [Go] mvdan/garble Obfuscate Go builds

<a id="2c434d33f0dc3e0b8291a1173d4c863a"></a>Office

<a id="a675e8b1cf8bafb2abf40ffe1cda6130"></a>macro_pack

<a id="6695a309cb7dd5c8819776479c0a729f"></a>工具

• [817星][15d] [Py] sevagas/macro_pack 自动生成并混淆MS 文档, 用于渗透测试、演示、社会工程评估等

<a id="e132b5a30c0eaf8dad0103b5e17dbb54"></a>文章

• 2019.09 [freebuf] Macro_Pack中的宏代码混淆方法分析
• 2019.08 [4hou] Macro_Pack中的宏代码混淆方法分析
• 2018.05 [freebuf] Macro_Pack：一款用于自动化混淆和生成Office文档等文件格式的工具
• 2017.12 [n0where] Automatize Obfuscation and Generation of MS Office Documents: macro_pack

<a id="393c2d829a1a1edfb7c804373b8b27d6"></a>maliciousmacrogenerator

<a id="f9882cc1b17c8003597d7ea53306f505"></a>工具

• [524星][1y] [Visual Basic .NET] mr-un1k0d3r/maliciousmacrogenerator 生成混淆的宏，可进行AV /沙箱逃逸

<a id="57f22eded50566be7e5f37c260f42c58"></a>工具

• [355星][3y] [Py] pepitoh/vbad VBA Obfuscation Tools combined with an MS office document generator
• [29星][8d] [Py] bonnetn/vba-obfuscator 2018 School project - PoC of malware code obfuscation in Word macros

<a id="e03c9dba02b3d4e48678bc865877f3c1"></a>文章

• 2020.02 [rootshell] [SANS ISC] Simple but Efficient VBScript Obfuscation
• 2020.01 [freebuf] Office控件钓鱼：混淆拼接篇
• 2019.09 [dylankatz] Deobfuscating And Analyzing A Vbs Dropper
• 2018.11 [ironcastle] ViperMonkey: VBA maldoc deobfuscation, (Mon, Nov 26th)
• 2018.08 [cofense] Recent Geodo Malware Campaigns Feature Heavily Obfuscated Macros
• 2018.08 [ColinHardy] Analysing Obfuscated VBA - Extracting indicators from a Trickbot downloader
• 2017.12 [sans] Microsoft Office VBA Macro Obfuscation via Metadata
• 2017.07 [sans] A VBScript with Obfuscated Base64 Data
• 2017.05 [malwaretracker] 恶意 Office 文档使用基于EPS 的混淆技术，躲避检测
• 2016.10 [cysinfo] Cyber Security with Amit Malik – Episode 2 – Macro Code De-obfuscation using Vbscript Debugger
• 2016.04 [mcafee] Macro Malware Employs Advanced Obfuscation to Avoid Detection
• 2016.04 [mcafee] Macro Malware Employs Advanced Obfuscation to Avoid Detection
• 2016.02 [malwarebytes] De-obfuscating malicious Vbscripts
• 2014.08 [securelist] Obfuscated malicious office documents adopted by cybercriminals around the world
• 2013.09 [pwndizzle] How not to Obfuscate your VBScript
• 2007.09 [sans] Deobfuscating VBScript

<a id="c8be8cbc9e92418ec4eb91a15608969f"></a>Python

<a id="96c7873e76e7825abcea18eeafdc2afa"></a>pyminifier

<a id="6037ed842fe61659d01d8d32a1a9170b"></a>工具

• [912星][4m] [Py] liftoff/pyminifier Pyminifier is a Python code minifier, obfuscator, and compressor.

<a id="bab1b5a63fc4e3e2379fad4f45653ef4"></a>pyarmor

<a id="153179ac6f717a249d21dbba08571bba"></a>工具

• [449星][4m] [Py] dashingsoft/pyarmor A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

<a id="710ad15004534cfe5f939655e055b3df"></a>neopi

<a id="fe2b5593a8909ffd901de8cb9861a149"></a>工具

• [348星][6y] [Py] neohapsis/neopi a Python script that uses a variety of statistical methods to detect obfuscated and encrypted content within text/script files

<a id="4a4963766e96524479d6da2fafc75602"></a>文章

• 2020.04 [oshpark] Neopixel Rotary Encoder
• 2017.05 [particle] Heads up – WS2812B NeoPixels are about to change!

<a id="00354d933f4c483d011b1a891e4765c6"></a>intensio-obfuscator

<a id="4db25e79c2c40899d30dbf80d1731c40"></a>工具

• [302星][4m] [Py] hnfull/intensio-obfuscator Obfuscate a python code 2.x and 3.x

<a id="22a022e9e7d4d4e2f1cee842b1ae8586"></a>文章

• 2019.06 [freebuf] Intensio-Obfuscator：一款专业Python代码混淆处理工具

<a id="b2d59d57c43592a88b115dfb8cc41eb4"></a>工具

• [340星][12d] [Py] astrand/pyobfuscate Python源码混淆: 使得Python源代码对于人类来说难以阅读，而对于Python解释器来说仍然是可执行的
• [123星][9d] [Py] felamos/weirdhta A python tool to create obfuscated HTA script.
• [82星][2m] [Java] enovella/jebscripts A set of JEB Python/Java scripts for reverse engineering Android obfuscated code
• [75星][7m] [Py] anvilventures/lookinsidethebox Breaks the encryption and obfuscation layers that Dropbox applies to their modified Python interpreter.
• [74星][4m] [Py] pyobfx/pyobfx Python Obfuscator & Packer
• [72星][22d] [Py] chris-rands/emojify Obfuscate your python script by converting it to emoji icons
• [68星][1m] [Py] plantdaddy/fuzzap A python script for obfuscating wireless networks
• [50星][1m] [Py] bwall/markovobfuscate Python library and tools to obfuscate data based on Markov models built off shared data
• [48星][3m] [YARA] decalage2/balbuzard Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.
• [42星][23d] [Py] extremecoders-re/bytecode_simplifier A generic deobfuscator for PjOrion obfuscated python scripts
• [39星][3y] [Py] extremecoders-re/pjorion-deobfuscator A deobfuscator for PjOrion, python cfg generator and more
• [38星][1m] [Py] lasq88/deobfuscate Python script to automatically deobfuscate malware code
• [31星][4m] [Py] alberties/ghostfuscator The Python Password-Protected Obfuscator
• [9星][4m] [PHP] chrissy-morgan/php-webshell-deobfuscator A Tool written in Python to help de-obfuscate the $GLOBALS type malware.
• [8星][7m] [Py] thngkaiyuan/mynaim Nymaim 家族样本反混淆插件

<a id="eab89cedf1706e7fa90dc6530899c968"></a>文章

• 2019.03 [thief] Python代码加密混淆
• 2018.02 [0x00sec] Plain Obfuscate Python script as malware
• 2016.07 [doyler] Deobfuscate Python (ABCTF2016 – Obfuscated 1)
• 2016.05 [freebuf] 用Python和Smali模拟器搞定一个加混淆、防篡改的APK逆向
• 2016.04 [evilsocket] How I Defeated an Obfuscated and Anti-Tamper APK With Some Python and a Home-Made Smali Emulator.
• 2016.04 [aassfxxx] Breaking Cerber strings obfuscation with Python and radare2
• 2016.04 [aassfxxx] Breaking Cerber strings obfuscation with Python and radare2
• 2014.05 [quarkslab] Building an obfuscated Python interpreter: we need more opcodes
• 2013.12 [HackersSecurity] DEFCON 18: Obfuscated Python
• 2012.06 [trustwave] 使用IDAPython对Flame的字符串进行反混淆

<a id="4169178cfbac7e4e03c182600d58d40e"></a>Android

<a id="263fb2577d8c578768f677ca34d517bd"></a>simplify

<a id="98a46d73a2511e58cf348049e1c33e5f"></a>工具

• [3296星][11d] [Java] calebfenton/simplify Android虚拟机和deobfuscator

<a id="5c67e3ac71ff94cd820ed382f96d359f"></a>工具

• [745星][5m] [YARA] rednaga/apkid Android应用程序标识符，用于包装器、保护器、混淆器和奇怪的东西
• [370星][12d] [Ruby] calebfenton/dex-oracle A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
• [314星][9m] [C] shadowsocks/simple-obfs-android 一个简单的Android混淆工具
• [258星][2m] [Java] godlikewangjun/dexknife-wj apk加固插件 带签名校验、dex加密、资源混淆
• [230星][4y] [Ruby] strazzere/apkfuscator A generic DEX file obfuscator and munger
• [196星][4m] [Py] claudiugeorgiu/obfuscapk A black-box obfuscation tool for Android apps
• [165星][3y] ysrc/androidobfusedictionary Android ProGuard变态混淆字典
• [119星][5m] [Java] stringcare/androidlibrary Android library to reveal or obfuscate strings and assets at runtime
• [94星][6m] [Py] thuxnder/dalvik-obfuscator a set of tools/scripts to obfuscate and manipulate dex files
• [90星][1m] [Py] necst/aamo Another Android Malware Obfuscator
• [61星][5y] [Py] hamiltoniancycle/classnamedeobfuscator Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines.
• [25星][5y] [Py] burningcodes/dexconfuse 简易dex混淆器
• [17星][12d] [Py] omirzaei/androdet AndrODet: An Adaptive Android Obfuscation Detector
• [15星][12d] [Java] miwong/tiro TIRO - A hybrid iterative deobfuscation framework for Android applications

<a id="b8bd64107751a6e271414bd1db39dad1"></a>文章

• 2020.02 [freebuf] Obfuscapk：一款针对Android应用程序的黑盒混淆工具
• 2020.02 [hakin9] Obfuscapk - A black-box obfuscation tool for Android apps
• 2019.12 [hakin9] Quark Engine - An Obfuscation-Neglect Android Malware Scoring System
• 2019.10 [aliyun] apk混淆工具Obfuscapk原理探究
• 2019.05 [arxiv] [1905.09136] DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling
• 2019.03 [virusbulletin] VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation
• 2018.10 [securitygossip] Tackling Runtime-based Obfuscation in Android With TIRO
• 2018.10 [sjtu] Tackling Runtime-based Obfuscation in Android With TIRO
• 2018.04 [360] 对混淆的Android应用进行渗透测试
• 2018.03 [guardsquare] Decompiling obfuscated Android applications
• 2018.03 [pediy] [原创]御安全浅析安卓开发代码混淆技术
• 2018.02 [tinyhack] Pentesting obfuscated Android App
• 2018.02 [pnfsoftware] A new APK Resources Decoder with de-Obfuscation Capabilities
• 2018.01 [arxiv] [1801.01633] Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild
• 2017.10 [360] 如何使用dex-oracle对抗混淆后的Android恶意软件
• 2017.10 [rednaga] Hacking with dex-oracle for Android Malware Deobfuscation
• 2017.04 [360] Android代码混淆技术总结（一）
• 2017.03 [360] Android 字符串及字典混淆开源实现
• 2017.01 [360] Android程序反混淆利器——Simplify工具
• 2016.12 [securitygossip] Statistical Deobfuscation of Android Applications
• 2016.12 [sjtu] Statistical Deobfuscation of Android Applications
• 2016.11 [arxiv] [1611.10231] Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions
• 2016.11 [deepsec] DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang
• 2016.04 [n0where] Generic Android Deobfuscator: Simplify
• 2016.03 [pnfsoftware] Deobfuscating Android Triada malware
• 2016.01 [freebuf] Oracle：安卓反混淆工具
• 2015.03 [Roland] 用ProGuard混淆Android代码
• 2015.02 [arxiv] [1502.01625] A Self-Compiling Android Data Obfuscation Tool
• 2014.12 [androidcracking] Simplify - Android Deobfuscator / Decryptor
• 2014.07 [virusbulletin] Paper: Obfuscation in Android malware, and how to fight back
• 2013.08 [pediy] [原创]Android分析之路（二）——代码混淆分析研究1
• 2013.06 [pediy] apkprotect（免费android代码混淆、加密保护工具）版本v0.3.8 2013.10.22更新
• 2013.04 [xyz] android应用安全——代码安全（android代码混淆）
• 2012.12 [pediy] [原创]一个简单的判断APK文件是否混淆的方法
• 2011.07 [pediy] [原创]APK反破解之一：Android Java混淆(ProGuard)
• 2008.10 [ysl] 請為你的 Android 程式加上 obfuscation 吧！

<a id="beb0e19614fb8044452ae90b74138f2d"></a>Apple

<a id="c9bdd398b84c5ddfede6e2b1a78492aa"></a>stcobfuscator

<a id="61ba58d5e151bbeabb078767f437dff5"></a>工具

• [663星][1y] [ObjC] chenxiancai/stcobfuscator iOS全局自动化 代码混淆 工具！支持cocoapod组件代码一并 混淆，完美避开hardcode方法、静态库方法和系统库方法！

<a id="5c8857ae3e654bd79d8257595e05e229"></a>工具

• [1500星][12d] [ObjC] polidea/ios-class-guard Simple Objective-C obfuscator for Mach-O executables.
• [1205星][11d] [Swift] rockbruno/swiftshield 为你的iOS项目的类型和方法(包括第三方库和故事板)生成不可逆加密名称的工具，以保护你的应用程序免受iOS逆向工程工具，如类转储和Cycript。
• [520星][4y] [ObjC] pjebs/obfuscator-ios Secure your app by obfuscating all the hard-coded security-sensitive strings.
• [500星][2m] [Ruby] kaich/codeobscure 方便强大的OC工程代码自动混淆工具
• [358星][2y] [C] codermjlee/mjcodeobfuscation 一个用于代码混淆和字符串加密的Mac小Demo
• [334星][2y] [C++] polidea/siriusobfuscator a tool for performing source-to-source obfuscation of Swift projects
• [265星][9m] [ObjC] preemptive/ppios-rename Symbol obfuscator for iOS apps
• [216星][5m] [Py] lennonchin/code-confuse-plugin iOS代码混淆插件
• [144星][22d] [Swift] danleechina/mixplaintext 可对 Xcode 项目工程所有的 objective-c 文件内包含的明文进行加密混淆，提高逆向分析难度。
• [44星][15d] [Swift] pabloroca/obfuscateapi Mac OSX, Command line Swift 4 Utility for obfuscate / defuscate strings (API endpoints) in AES128 format.
• [38星][6y] [C] x43x61x69/mach-o-prettifier A Mach-O Load Command deobfuscator.
• [27星][2m] [C++] cuitche/code-obfuscation 一款iOS代码混淆工具(A code obfuscation tool for iOS.)
• [3星][1m] [Java] maxpixelstudios/minecraftdecompiler A useful tool to decompile and deobfuscate Minecraft by CFR/FernFlower and Proguard/SRG/CSRG/TSRG mappings

<a id="e9ed9f70cf4150a9f8eb4c2983ea4f6d"></a>文章

• 2019.10 [freebuf] Swiftshield：SwiftOBJ-C 代码混淆工具
• 2019.06 [h2hconference] Android Game of Obfuscation - Jurriaan Bremer and Rodrigo Chiossi - H2HC 2013
• 2019.06 [hitbsecconf] #HITB2019AMS D1T1 - Deobfuscate UEFI/BIOS Malware And Virtualized Packers - Alexandre Borges
• 2018.11 [ironcastle] More obfuscated shell scripts: Fake MacOS Flash update, (Tue, Nov 27th)
• 2018.11 [sans] More obfuscated shell scripts: Fake MacOS Flash update
• 2018.09 [pediy] [原创]尝试解下fairplayd(苹果|ios)的混淆(块调度)
• 2018.09 [4hou] 用于保护iOS应用程序的开源代码混淆工具Sirius发布（二）
• 2018.09 [4hou] 用于保护iOS应用程序的开源代码混淆工具Sirius发布（一）
• 2017.11 [pnfsoftware] Having Fun with Obfuscated Mach-O Files
• 2015.04 [securityintelligence] CVE-2015-1097: Deobfuscating iOS Kernel Pointers With an IBM X-Force-Discovered Vulnerability
• 2012.02 [reverse] Anti-disassembly & obfuscation #1: Apple doesn’t follow their own Mach-O specifications?

<a id="8a996fdcd6ee02c19fd55b09fcd7f9c0"></a>Java

<a id="96942f90fddd05d4c70ce45a3b3cafb7"></a>nullproguard

<a id="23fb4af31b14c09156b20c85f7d05953"></a>工具

• [273星][4m] [Java] w296488320/nullproguard 空白混淆 源码

<a id="77ab5d96e4ca64cb5913c61540baa0a6"></a>工具

• [615星][13d] [Java] java-deobfuscator/deobfuscator Java 代码反混淆工具
• [172星][4m] [Java] superblaubeere27/obfuscator A java obfuscator (GUI)
• [165星][5m] [Java] itzsomebody/radon A crappy Java bytecode obfuscator (meaning: not for production use)
• [142星][12d] [Java] graxcode/threadtear Multifunctional java deobfuscation tool suite
• [92星][13d] [Java] yworks/yguard The open-source Java obfuscation tool working with Ant and Gradle by yWorks - the diagramming experts
• [82星][19d] [Java] ysrc/obfusesmalitext smali文件，jar包字符串混淆，支持gradle插件
• [65星][1m] [Java] calebwhiting/java-asm-obfuscator Obfuscates compiled java code to make it harder to reverse engineer.
• [56星][4m] [Java] johnjohndoe/proguard Java class file shrinker, optimizer, obfuscator, and preverifier
• [23星][19d] [Java] alpheratzteam/obfuscator Java Obfuscator
• [18星][25d] [Java] damianszczepanik/silencio Silencio is a Java library for transforming and converting XML, JSON, YAML, Properties and other formats. It is applicable for most operations such as obfuscation, encryption, minimisation (minifying), anonymous. Library is fully customizable and extensible.
• [14星][9m] [Java] graxcode/stringer-verification-bypass Patch java archives obfuscated and signed by stringer 3.x - 9.0 (
• [9星][4m] [Java] mjvl/uniobfuscator Java obfuscator that hides code in comment tags and Unicode garbage by making use of Java's Unicode escapes.

<a id="85a8cd8871da13161f05993c1029e867"></a>文章

• 2020.04 [hakin9] Threadtear - Multifunctional java deobfuscation tool suite
• 2018.09 [arxiv] [1809.11037] A Systematic Study on Static Control Flow Obfuscation Techniques in Java
• 2017.09 [360] 基于ASM的Java字符串混淆工具实现
• 2016.07 [MalwareAnalysisForHedgehogs] Malware Analysis - Java Malware Deobfuscation
• 2015.02 [contextis] Automating Removal of Java Obfuscation
• 2013.07 [netspi] Java Obfuscation Tutorial with Zelix Klassmaster
• 2013.02 [security] Deobfuscating Java 7u11 Exploit from Cool Exploit Kit (CVE-2013-0431)
• 2013.01 [quequero] Malicious Java Applet Deobfuscation
• 2012.11 [security] Java Exploit Code Obfuscation and Antivirus Bypass/Evasion (CVE-2012-4681)
• 2008.09 [arxiv] [0809.3503] JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes
• 2008.07 [arxiv] [0807.4309] Array Based Java Source Code Obfuscation Using Classes with Restructured Arrays

<a id="193bfef38cb82179a6115c52799286fa"></a>CMD

<a id="63a2b1b7b26fa06579654d2e39cc2f33"></a>invoke-dosfuscation

<a id="9d707b82be5392b16016bfee435f8bf6"></a>工具

• [416星][2y] [PS] danielbohannon/invoke-dosfuscation Cmd.exe Command Obfuscation Generator & Detection Test Harness

<a id="0b5910871dcca88d837fed60e2de27b1"></a>文章

• 2018.10 [NorthSec] Daniel Bohannon - Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
• 2018.07 [pcsxcetrasupport3] A look at a Word document macro using Invoke-DOSfuscation

<a id="0738123add9a88b1b717696ad5e3dee5"></a>文章

• 2018.03 [fireeye] DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

<a id="978ec8680ae0965ce50c6948e6c740fa"></a>其他

<a id="3df7c00560baca22e97aa3842646f208"></a>flare-floss

<a id="da84308c817371ee9a7168afd8c08879"></a>工具

• [1497星][12d] [Py] fireeye/flare-floss 自动从恶意代码中提取反混淆后的字符串
  • floss
  • IDA插件

<a id="524722c4a4090595c6aeb0e245793c2b"></a>文章

• 2016.05 [freebuf] 火眼实验室恶意软件开源分析工具Flare-floss

<a id="816c07719bc43d5fbdb096c357fa52cd"></a>demovfuscator

<a id="be0c014ea3736628b4f9278b5291ac41"></a>工具

• [516星][12d] [C++] kirschju/demovfuscator 对抗控制流线性化的工具，反混淆器。

<a id="c9354b20e62e3781b0e194d7ac7b2b1a"></a>hexraysdeob

<a id="25deb9c341c4f5d5b2c165f85bdc7cb8"></a>工具

• [318星][9m] [C++] rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
• [40星][4m] [C++] carbonblack/hexraysdeob Hex-Rays microcode API plugin for breaking an obfuscating compiler

<a id="a5243005269510c9270b86faaaa708f0"></a>callobfuscator

<a id="1aac846077f425c1c6d557d9b0e9e3b0"></a>工具

• [272星][4m] [C++] d35ha/callobfuscator 使用不同的Windows API混淆指定的Windows API

<a id="ac6cc2eb18f961bdbfb16151e1f9f686"></a>恶意代码

<a id="1006f3d956b3a62601532cccb9ef1f8d"></a>文章

• 2020.05 [vmray] Move Fast and Don’t Break Things (Part 2): Automated Malware De-obfuscation by Accurate API Monitoring
• 2020.05 [talosintelligence] Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
• 2020.04 [rootshell] [SANS ISC] Malicious Excel With a Strong Obfuscation and Sandbox Evasion
• 2020.03 [welivesecurity] Stantinko’s new cryptominer features unique obfuscation techniques | WeLiveSecurity
• 2020.02 [infosecinstitute] What is Malware Obfuscation?
• 2019.11 [trendmicro] More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
• 2019.11 [umbrella] Obfuscation: The Abracadabra of Malware Authors
• 2019.10 [HackersOnBoard] Black Hat USA 2016 Next Generation of Exploit Kit Detection By Building Simulated Obfuscators
• 2019.07 [freebuf] 教你使用Cutter和Radare2对APT32恶意程序流程图进行反混淆处理
• 2019.07 [arxiv] [1907.01445] Extended Report on the Obfuscated Integration of Software Protections
• 2019.06 [trendmicro] CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner
• 2019.05 [360] 使用Cutter和Radare2对APT32恶意程序流程图进行反混淆处理
• 2019.04 [trendmicro] Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages
• 2019.03 [sucuri] Uncommon Radixes Used in Malware Obfuscation
• 2019.02 [carbonblack] Defeating Compiler-Level Obfuscations Used in APT10 Malware
• 2019.02 [4hou] 见招拆招分析银行木马：揭开恶意LNK真面目+逐步拆解混淆后Dropper
• 2019.01 [4hou] 一种新型恶意软件混淆技术的逆向分析
• 2019.01 [sans] FLOSS Every Day - Automatically Extracting Obfuscated Strings from Malware
• 2018.10 [4hou] GandCrab勒索软件的最新版本中开始引入加密和混淆功能
• 2018.10 [mcafee] Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
• 2018.10 [mcafee] Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
• 2018.10 [mcafee] Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
• 2018.10 [NorthSec] Thaís aka barbie Moreira Hamasaki - Logic against sneak obfuscated malware
• 2018.10 [checkpoint] Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware - Check Point Research
• 2018.09 [tencent] MyKings僵尸网络最新变种突袭，攻击代码多次加密混淆，难以检测
• 2018.08 [4hou] 后门混淆和反检测技术
• 2018.08 [sans] Dealing with numeric obfuscation in malicious scripts
• 2018.07 [MalwareAnalysisForHedgehogs] Malware Analysis - DOSfuscation Deobfuscation
• 2018.07 [aliyun] 后门混淆和反检测技术
• 2018.07 [360] 后门混淆和逃避技术
• 2018.07 [imperva] The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques
• 2018.07 [360] Malwarebytes 对使用混淆 Coinhive 短链接进行浏览器挖矿的调查分析
• 2018.07 [malwarebytes] Obfuscated Coinhive shortlink reveals larger mining operation
• 2018.06 [freebuf] 技术讨论 | NjRAT通过base64编码加密混淆Code免杀绕过360杀毒实验
• 2018.06 [serhack] Deobfuscating and Understanding a Trojan JScript
• 2018.04 [360] 深入分析恶意软件Formbook：混淆和进程注入（下）
• 2018.04 [360] 深入分析恶意软件Formbook：混淆和进程注入（上）
• 2018.01 [trendmicro] 以俄罗斯银行为目标的恶意 Android App FakeBank 使用新的混淆技巧
• 2017.08 [360] 分析一款代码经过混淆处理的勒索软件下载器
• 2017.08 [ringzerolabs] 分析多层混淆的 HTML 文档（Locky勒索软件的下载器）
• 2017.08 [MalwareAnalysisForHedgehogs] Malware Analysis - Deobfuscating Loyeetro Trojan-Spy
• 2017.08 [netskope] Adwind RAT employs new obfuscation techniques
• 2017.04 [ixiacom] Deobfuscating Malicious Actor Intentions for Your Web Server
• 2017.03 [itsjack] Deobfuscating API Call Strings In A ‘Banker’
• 2017.03 [adelmas] Analyzing and Deobfuscating FlokiBot Banking Trojan
• 2017.02 [vkremez] Trojan-Downloader:JS/Locky: Deobfuscate and Extract IOCs
• 2016.12 [rsa] How to deobfuscate malicious browser scripts using a script debugger
• 2016.11 [securityblog] Automatically extract obfuscated strings from malware
• 2016.10 [4hou] 恶意代码最新混淆技术分析
• 2016.10 [broadanalysis] EiTest campaign drops flash gate for obfuscated script sending GootKit banking malware
• 2016.09 [quarkslab] Arybo: cleaning obfuscation by playing with mixed boolean and arithmetic operations
• 2016.08 [8090] 代码战争：伪装和狙杀，从“壳”到“病毒混淆器
• 2016.08 [freebuf] 代码战争：伪装和狙杀，从“壳”到“病毒混淆器”
• 2016.08 [mcafee] Obfuscated Malware Discovered on Google Play
• 2016.08 [mcafee] Obfuscated Malware Discovered on Google Play
• 2016.07 [ixiacom] MALWARE DELIVERY SECRETS: RTF OBFUSCATION
• 2016.07 [malwarenailed] Locky Ransomware - Obfuscated Weaponry
• 2016.06 [fireeye] Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)
• 2016.06 [fortinet] Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary
• 2016.05 [jeffsoh] Heavy Obfuscation != Malicious
• 2016.04 [freebuf] 恶意软件混淆检测算法分析
• 2015.09 [freebuf] 一种在恶意软件中常见的字符串和Payload混淆技术
• 2015.09 [securityintelligence] An Example of Common String and Payload Obfuscation Techniques in Malware
• 2015.06 [malwarebytes] Complex Method of Obfuscation Found in Dropper RealShell
• 2015.02 [arxiv] [1502.03245] FEEBO: An Empirical Evaluation Framework for Malware Behavior Obfuscation
• 2014.05 [mcafee] Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis
• 2014.05 [mcafee] Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis
• 2014.03 [k7computing] Volume III: Who aM I? Confessions of an Obfuscated JS Worm
• 2014.03 [k7computing] Volume III: Who aM I? Confessions of an Obfuscated JS Worm
• 2014.03 [k7computing] Volume II: Who aM I? Confessions of an Obfuscated JS Worm
• 2014.03 [k7computing] Volume II: Who aM I? Confessions of an Obfuscated JS Worm
• 2014.03 [k7computing] Volume I: Who aM I? Confessions of an Obfuscated JS Worm
• 2014.03 [k7computing] Volume I: Who aM I? Confessions of an Obfuscated JS Worm
• 2013.05 [sans] Tools for Examining XOR Obfuscation for Malware Analysis
• 2013.03 [malwarebytes] Obfuscation: Malware’s best friend
• 2013.01 [checkpoint] Tales from the Crypter: Thwarting Malware Obfuscation with Threat Emulation | Check Point Software Blog
• 2012.12 [forcepoint] Sharing the Experience of Deobfuscating a Trojan
• 2012.06 [sans] Decoding Common XOR Obfuscation in Malicious Code
• 2011.08 [webroot] Trojans Employ Misdirection Instead of Obfuscation
• 2010.12 [yurichev] 7-Dec-2010: Making C compiler generate obfuscated code
• 2010.03 [securelist] New Brazilian banking Trojans recycle old URL obfuscation tricks
• 2008.04 [secshoggoth] Obfuscating Malware for Fun and Prizes
• 2006.12 [pediy] [翻译]注入 动态生成及混淆的恶意代码的检测

<a id="48905dbcdd16a4b3ca77dc0193723720"></a>新添加-混淆

<a id="40f09a7bfb3cb928c2f912aa6634c775"></a>工具

• [215星][1y] [Java] neo23x0/fnord 一种用于混淆代码的模式提取器
• [185星][3y] [PS] cobbr/obfuscatedempire Empire的Fork，集成了Invoke-Obfuscation
• [165星][2m] [JS] zsoltszabo/node-uglifier 完全自动合并和混淆(丑化)整个NodeJs项目到一个文件与外部文件选项
• [161星][17d] [Py] z0noxz/powerstager 创建可执行文件，用于下载PowerShell Payload，将其加载到内存，并使用混淆的EC方法运行
• [152星][26d] [Go] znly/strobfus String obfuscation
• [142星][2y] [Py] gumblex/ptproxy Turn any pluggable transport for Tor into an obfuscating TCP tunnel.
• [132星][8m] [C#] nyan-x-cat/lime-crypter Simple obfuscation tool
• [131星][9m] [C] changeofpace/overwatch-dump-fix x64dbg plugin which removes anti-dumping and obfuscation techniques from the popular FPS game Overwatch.
• [131星][6m] [PHP] propaganistas/laravel-fakeid Automatic model ID obfuscation in routes for Laravel 5
• [120星][4m] we5ter/flerken A Solution For Cross-Platform Obfuscated Commands Detection
• [114星][4m] [Py] ekultek/graffiti A tool to generate obfuscated one liners to aid in penetration testing
• [106星][16d] [C] vmonaco/kloak Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
• [101星][3y] [Py] mr-un1k0d3r/sct-obfuscator Cobalt Strike SCT payload obfuscator
• [100星][2m] [C] elfmaster/dsym_obfuscate Obfuscates dynamic symbol table
• [93星][4y] [C] osandamalith/ipobfuscator A simple tool to convert the IP to a DWORD IP
• [90星][19d] [C++] koemeet/rtti-obfuscator Obfuscates all RTTI (Run-time type information) inside a binary
• [88星][2y] [C] lloydlabs/windows-api-hashing 通过哈希混淆API
• [76星][11d] [Java] radioegor146/native-obfuscator Java .class to .cpp converter for use with JNI
• [73星][2y] [C++] nickcano/relocbonus An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
• [71星][4y] [Py] kkar/vbs-obfuscator-in-python VBScript混淆允许pentester绕过对策
• [71星][24d] [TS] javascript-obfuscator/react-native-obfuscating-transformer Obfuscation for React Native bundles
• [66星][2m] [Py] nullhypothesis/scramblesuit The ScrambleSuit traffic obfuscation protocol.
• [59星][3y] [Py] amoulu/tinysmaliemulator A very minimalist smali emulator that could be used to "decrypt" obfuscated strings
• [58星][12d] [JS] coston/react-obfuscate An intelligent React component to obfuscate any contact link!
• [57星][14d] [C++] haidragon/study_obscure 混淆反混淆
• [55星][2y] [PS] mr-un1k0d3r/base64-obfuscator Simple PowerShell Base64 encoder to avoid detection of your malicious payload
• [54星][1m] [Py] mushorg/oschameleon OS Fingerprint Obfuscation for modern Linux Kernels
• [47星][23d] [C++] thebabush/dumb-obfuscator Tutorial on how to write the dumbest obfuscator I could think of.
• [46星][4m] [C++] timelifeczy/sheller 一键加壳/脱壳，混淆，花指令，反调试等
• [45星][4m] [Assembly] martinvelez/w32evol An obfuscation engine which obfuscates Intel x86 32-bit binary code.
• [43星][2y] [Py] nikshepsvn/scatterfly An attempt to improve user privacy by intelligent data obfuscation.
• [43星][12d] [C] tum-i22/obfuscation-benchmarks A set of programs used for benchmarking the strength of obfuscation
• [42星][4y] [Py] cylance/markovobfuscate Use Markov Chains to obfuscate data as other data
• [39星][1m] [Shell] dlshad/openvpn-shapeshifter This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will allow you to bypass the DPI blockage on OpenVPN. This setup will offer the users the freedom to choose between regular OpenVPN connection or obfuscated one, they actually can use both! OpenVPN is the VPN pro…
• [37星][4m] [Shell] hromie/obfs4proxy-openvpn Obfuscating OpenVPN traffic using obfs4proxy
• [36星][4m] [Visual Basic] doctorlai/vbscript_obfuscator The VBScript Obfuscator written in VBScript
• [33星][1y] [C] mmyydd/relative-pattern Recover control flow graph from obfuscated codes
• [33星][1m] [C++] hikariobfuscator/core Shared Obfuscation Core
• [31星][1y] [C] segnolin/vobfus virtualization obfuscator inspired by juhajong/vm-obfuscator
• [29星][5m] [Java] rabrg/refactored-client Refactoring the obfuscated v317 of the RuneScape (RuneTek 3) client.
• [29星][6m] [Java] guardianproject/pluto Pluggable Library (for) Using Traffic Obfuscation: DEPRECATED - SEE LINK FOR NEW PROJECT
• [28星][2y] [Py] mgeeky/visualbasicobfuscator Visual Basic Code universal Obfuscator intended to be used during penetration testing assignments.
• [27星][9m] [PS] danmcinerney/invoke-cats Obfuscated Invoke-Mimikatz
• [27星][4m] [Go] getlantern/lampshade Obfuscated encrypted network protocol for Lantern
• [26星][8m] [PHP] krowinski/tinyid Shorten and obfuscate IDs
• [24星][12d] [C++] d35ha/xobf Simple x86/x86_64 instruction level obfuscator based on a basic SBI engine
• [21星][16d] [HTML] guillac/jsbatchobfuscator JSBatchobfuscator is a simple obfuscator for batch script
• [19星][11d] [Jupyter Notebook] antoinevastel/simplejsobfuscator Example of a simple JS obfuscator
• [19星][2m] maxfong/obfuscatorxcplugin 逻辑混淆XCode插件
• [18星][7m] [Py] transferwise/pg_ninja The ninja elephant obfuscation and replica tool
• [17星][10m] [Py] twisteroidambassador/udpack UDPack is an extensible generic UDP packet obfuscator.
• [16星][11m] [Haxe] markknol/hxobfuscator Shortens names for smaller output and better gzip compression in Haxe/JavaScript builds
• [16星][19d] [Py] c0cc/code_obfuscate python 字节码混淆工具
• [14星][6m] [PHP] networkteam/networkteam.neos.mailobfuscator Email address obfuscation for Neos CMS
• [14星][3m] [Go] potato-industries/gohide tunnel port to port traffic over an obfuscated channel with AES-GCM encryption.
• [13星][5m] [PHP] pelock/autoit-obfuscator AutoIt Obfuscator lets you protect AutoIt script source code against analysis, reverse engineering and decompilation using advanced obfuscation techniques and polymorphic encryption.
• [13星][1y] [Swift] mrigankgupta/mgobfuscator An easy encryptor / decryptor for iOS
• [10星][6m] [C#] kendtimothy/obfuscation Obfuscation / Integer Masking library to encrypt numeric id to short string, generating a similar result to YouTube video id.
• [9星][2y] [Py] d00rt/easy_way_nymaim IDA脚本, 用于去除恶意代码nymaim的混淆,创建干净的idb
• [9星][2m] [C] olbat/binsh Shell script obfuscation tool (compile, encrypt and passphrase-protect)
• [8星][4m] [C] mickdec/haremg0.b-cl Fully obfuscated trojan generator for windows.
• [7星][3y] [F#] enkomio/mealyobfuscator String obfuscator based on the Mealy automata
• [7星][1y] [PHP] mattiasgeniar/encoder Encoding, Decoding and Obfuscating strings.
• [6星][5m] [Java] itemic/rotacsufbo did u know the name of the repo is obfuscator backwards?
• [5星][2y] [C++] polidea/siriusobfuscator-symbolextractorandrenamer
• [4星][2y] [Py] jamcut/obfuscate_launcher Simple script for obfuscating payload launchers
• [4星][6m] [Py] pwnslinger/smc Self-modifying Code de-obfuscation
• [3星][2y] [Swift] polidea/siriusobfuscator-verificationsuite
• [3星][4m] [Java] tedstardev/mojang2tsrg A small tool that converts Mojang's ProGuard obfuscation map to TSRG format, for use by SpecialSource
• [2星][2y] [ObjC] jacksujunjie/safedemo Objective-C代码混淆(网络安全)
• [2星][1y] [Py] nlog2n/pyobfuscator Python code obfuscator
• [2星][2y] [Ruby] polidea/siriusobfuscator-fileextractor
• [1星][2y] [Jupyter Notebook] s-mohammad-hashemi/sst Stochastic Substitute Training: A Gray-box Approach to Craft Adversarial Examples Against Gradient Obfuscation Defenses
• [1星][2y] [C] ryanlederman/huhu.c My attempt at C obfuscation (and a running joke on IRC) - yes, it works!
• [0星][1y] [PS] irq8/obfpsh Preobfuscated Empire module source with Invoke-Obfuscation for easy cloning. /data/obfuscated_module_source
• [0星][4y] [Py] zonksec/dakotacon-ctf-extension-crusher quick and dirty script to decode and extract obfuscated files.
• [None星][C++] eaglx/vmprotect Obfuscation method using virtual machines.
• [None星][C++] meme/hellscape GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.

<a id="d90fb43c51f97711585f6906a045de96"></a>文章

• 2020.04 [blackhillsinfosec] Getting Started With ROT Obfuscation
• 2020.04 [rootshell] [SANS ISC] Obfuscated with a Simple 0x0A
• 2020.03 [virusbulletin] VB2019 paper: Defeating APT10 compiler-level obfuscations
• 2020.01 [aliyun] X86指令混淆之函数分析和代码块粉碎
• 2019.12 [t00ls] CMD命令混淆浅析
• 2019.12 [trendmicro] Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
• 2019.11 [p0w3rsh3ll] Hunting for obfuscation
• 2019.11 [freebuf] 猫鼠游戏: 持续渗透中的高级命令混淆对抗 | CIS 2019议题前瞻
• 2019.11 [binarydefense] Revenge is a Dish Best Served... Obfuscated? - Binary Defense
• 2019.10 [Cooper] Defeating APT10 Compiler-level Obfuscations - Takahiro Haruyama
• 2019.10 [shaurya] Obfuscated/Polyglot XSS Payloads Simplified with references.
• 2019.09 [quarkslab] Epona and the Obfuscation Paradox: Transparent for Users, a Pain for Reversers
• 2019.08 [proofpoint] Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS
• 2019.08 [trendmicro] Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
• 2019.08 [infosecinstitute] MITRE ATT&CK vulnerability spotlight: Obfuscated files or information
• 2019.07 [aliyun] 关于对antSword(蚁剑)进行流量混淆处理的解决方案
• 2019.06 [freebuf] Graffiti：一款专为渗透测试人员设计的混淆代码One Liner
• 2019.06 [trustedsec] On the possibility of obfuscating code using neural networks
• 2019.05 [compass] Reversing obfuscated passwords
• 2019.05 [arxiv] [1905.09778] Privacy-Preserving Obfuscation of Critical Infrastructure Networks
• 2019.05 [aliyun] 混淆IDA F5的一个小技巧-x86
• 2019.05 [aliyun] 混淆IDA F5的一个小技巧-x64
• 2019.05 [talosintelligence] Qakbot levels up with new obfuscation techniques
• 2019.04 [urlteam] 爬虫解决网站混淆JS跳转
• 2019.04 [arxiv] [1904.09516] EOP: An Encryption-Obfuscation Solution for Protecting PCBs Against Tampering and Reverse Engineering
• 2019.04 [arxiv] [1904.09429] Chaotic Compilation for Encrypted Computing: Obfuscation but Not in Name
• 2019.04 [nviso] Circumventing SSL Pinning in obfuscated apps with OkHttp
• 2019.04 [NDSSSymposium] NDSS 2019 OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX
• 2019.03 [arxiv] [1904.00188] PILOT: Password and PIN Information Leakage from Obfuscated Typing Videos
• 2019.03 [freebuf] SharPyShell：用于C# Web应用程序的小型混淆版WebShell
• 2019.03 [sucuri] More on Dnsden[.]biz Swipers and Radix Obfuscation
• 2019.03 [arxiv] [1903.02601] Attack Graph Obfuscation
• 2019.03 [arxiv] [1903.00841] CodeTrolley: Hardware-Assisted Control Flow Obfuscation
• 2019.02 [aliyun] 使用机器学习检测混淆过的cmd命令
• 2019.02 [xplodwild] Reverse engineering of a mobile game, part 3: Now, it’s obfuscated
• 2019.02 [TechnicalMujeeb] Install and use Ip obfuscator tool in Termux | termux 2019
• 2019.02 [arxiv] [1902.06146] Compiled Obfuscation for Data Structures in Encrypted Computing
• 2019.02 [seowhistleblower] Cheat Engine Tutorial: How to Convert AA Scripts to Lua and Obfuscate Trainer Data! [Terraria]
• 2019.01 [klee] A Framework for Measuring Software Obfuscation Resilience Against Automated Attacks
• 2019.01 [klee] Control Flow Obfuscation using Neural Network to Fight Concolic Testing
• 2018.12 [freebuf] 新型诈骗花样多，使用多种混淆方法绕过安全检测
• 2018.12 [aliyun] 使用机器学习检测混淆的命令行
• 2018.11 [fireeye] Obfuscated Command Line Detection Using Machine Learning
• 2018.11 [arxiv] [1811.12365] (Un)Encrypted Computing and Indistinguishability Obfuscation
• 2018.11 [trustwave] 解析一个感恩节诈骗行动中使用的MS Office文件
• 2018.11 [ironcastle] Basic Obfuscation With Permissive Languages, (Fri, Nov 16th)
• 2018.11 [sans] Basic Obfuscation With Permissive Languages
• 2018.11 [pediy] [原创]Null混淆
• 2018.11 [malwarebytes] Browlock flies under the radar with complete obfuscation
• 2018.10 [arxiv] [1810.10031] Stochastic Substitute Training: A Gray-box Approach to Craft Adversarial Examples Against Gradient Obfuscation Defenses
• 2018.10 [pediy] [原创] 关于代码混淆以及垃圾代码的处理，第一篇(寄存器混淆)
• 2018.10 [pediy] [原创]代码混淆之我见（一）
• 2018.10 [arxiv] [1810.01571] Distributing and Obfuscating Firewalls via Oblivious Bloom Filter Evaluation
• 2018.09 [360] DDE混淆的3种新方法
• 2018.09 [aliyun] 三种新型的DDE混淆方法
• 2018.09 [arxiv] [1809.10743] SAIL: Machine Learning Guided Structural Analysis Attack on Hardware Obfuscation
• 2018.09 [infosecinstitute] Reverse Engineering Obfuscated Assemblies [Updated 2018]
• 2018.09 [reversinglabs] Three New DDE Obfuscation Methods
• 2018.09 [hexblog] Hex-Rays Microcode API vs. Obfuscating Compiler
• 2018.09 [arxiv] [1809.06207] Algorithmic Obfuscation over GF($2^m$)
• 2018.09 [arxiv] [1809.01562] Probabilistic Modeling and Inference for Obfuscated Cyber Attack Sequences
• 2018.08 [ironcastle] Identifying numeric obfuscation, (Sun, Aug 26th)
• 2018.08 [sans] Identifying numeric obfuscation
• 2018.08 [arxiv] [1808.07432] A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation
• 2018.08 [acolyer] Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples
• 2018.08 [sans] Numeric obfuscation: another example
• 2018.08 [dist67] Dealing With Numeric Obfuscation
• 2018.07 [arxiv] [1807.09464] Specification-Based Protocol Obfuscation
• 2018.07 [arxiv] [1807.08456] On the Anonymization of Differentially Private Location Obfuscation
• 2018.07 [arxiv] [1807.01860] Privacy-preserving Machine Learning through Data Obfuscation
• 2018.06 [arxiv] [1806.10313] DeepObfuscation: Securing the Structure of Convolutional Neural Networks via Knowledge Distillation
• 2018.06 [HackerSploit] AV/IDS Evasion With Msfvenom - Payload Encoding Through Obfuscation
• 2018.06 [arxiv] [1806.02011] DMOS-PUF: Dynamic Multi-key-selection Obfuscation for Strong PUFs against Machine Learning Attacks
• 2018.06 [arxiv] [1806.02432] Obfuscation Resilient Search through Executable Classification
• 2018.06 [arxiv] [1806.01393] REORDER: Securing Dynamic-Priority Real-Time Systems Using Schedule Obfuscation
• 2018.05 [arxiv] [1805.08866] Author Obfuscation Using Generalised Differential Privacy
• 2018.05 [graxcoding] Taking a closer look at Zelix KlassMaster’s Flow Obfuscation
• 2018.05 [arxiv] [1805.02684] Improving Network Intrusion Detection Classifiers by Non-payload-Based Exploit-Independent Obfuscations: An Adversarial Approach
• 2018.04 [arxiv] [1804.11275] LUT-Lock: A Novel LUT-based Logic Obfuscation for FPGA-Bitstream and ASIC-Hardware Protection
• 2018.04 [arxiv] [1805.00054] Benchmarking the Capabilities and Limitations of SAT Solvers in Defeating Obfuscation Schemes
• 2018.04 [arxiv] [1804.04779] A Hybrid Model for Identity Obfuscation by Face Replacement
• 2018.04 [sucuri] Obfuscation Through Legitimate Appearances
• 2018.03 [arxiv] [1803.10133] You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information
• 2018.03 [360] Cobalt Strike：使用混淆技术绕过Windows Defender
• 2018.03 [offensiveops] Empire, Kaspersky & Obfuscation oh my!
• 2018.03 [aliyun] Cobalt Strike——利用混淆处理绕过Windows Defender
• 2018.03 [offensiveops] 使用混淆绕过Windows Defender
• 2018.03 [aliyun] 深入探索数据库攻击技术 Part 1：SQL混淆
• 2018.03 [arxiv] [1803.03332] Deep RNN-Oriented Paradigm Shift through BOCANet: Broken Obfuscated Circuit Attack
• 2018.03 [pediy] [原创]使用Unicorn Engine绕过混淆完成算法的调用
• 2018.03 [pediy] [翻译]手把手静态分析FinSpy VM：第一部分，x86去混淆
• 2018.02 [360] 一类混淆变形的Webshell分析
• 2018.02 [imperva] A Deep Dive into Database Attacks [Part I]: SQL Obfuscation
• 2018.02 [arxiv] [1802.04259] Sphinx: A Secure Architecture Based on Binary Code Diversification and Execution Obfuscation
• 2018.02 [freebuf] 任意用户密码重置（三）：用户混淆
• 2018.02 [arxiv] [1802.02789] Exploiting Spin-Orbit Torque Devices as Reconfigurable Logic for Circuit Obfuscation
• 2018.02 [arxiv] [1802.00420] Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
• 2018.01 [pediy] [原创]汇编指令级混淆器的实现
• 2018.01 [f5] What is HTML Field Obfuscation?
• 2018.01 [arxiv] [1801.02742] A Large Scale Investigation of Obfuscation Use in Google Play
• 2017.12 [dist67] Dealing with obfuscated rtf files
• 2017.12 [sans] Dealing with obfuscated RTF files
• 2017.12 [360] 深入分析PE可执行文件是如何进行加壳和数据混淆的
• 2017.12 [arxiv] [1712.04130] Topology of Privacy: Lattice Structures and Information Bubbles for Inference and Obfuscation
• 2017.12 [antoinevastel] What is obfuscation?
• 2017.11 [arxiv] [1711.09001] Natural and Effective Obfuscation by Head Inpainting
• 2017.11 [cobbr] PSAmsi - Minimizing Obfuscation to Maximize Stealth
• 2017.11 [arxiv] [1711.05284] Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging
• 2017.11 [360] MSWord：如何混淆域代码绕过基于Yara规则的DDEAUTO检测
• 2017.11 [darkoperator] 测试 Windows Defender Exploit Guard 使用 Attack Surface Reduction（ASR） 规则检测/阻止特定行为的能力. 检测和阻止混淆后的脚本执行。结果显示 ASR 规则并不给力，使用 Invoke-Obfuscation 混淆的脚本成功执行
• 2017.11 [pediy] [翻译]MSWord-用字段代码混淆
• 2017.11 [sans] Simple Analysis of an Obfuscated JAR File
• 2017.10 [pluginvulnerabilities] Base64 Obfuscation Used in WordPress Plugin’s Code That Emails Details of Website to Developer
• 2017.10 [staaldraad] MSWord - Obfuscation with Field Codes
• 2017.10 [arxiv] [1710.01139] On Secure and Usable Program Obfuscation: A Survey
• 2017.09 [arxiv] [1710.00197] Matching Anonymized and Obfuscated Time Series to Users' Profiles
• 2017.09 [arxiv] [1709.10412] CAOS: Concurrent-Access Obfuscated Store
• 2017.09 [pluginvulnerabilities] WordPress Plugin Directory Allowing Plugins to Obfuscate Addresses of Websites That the Plugin Connect To
• 2017.09 [antonioparata] 使用 Mealy 元数据混淆字符串
• 2017.08 [f5] URL Obfuscation—Still a Phisher's Phriend
• 2017.08 [arxiv] [1708.07150] Threshold-based Obfuscated Keys with Quantifiable Security against Invasive Readout
• 2017.08 [secist] 代码混淆之道——控制流扁平与不透明谓词理论篇
• 2017.08 [forcepoint] Part one - security, performance, obfuscation, and compression
• 2017.08 [arxiv] [1708.02629] Protecting Genomic Privacy by a Sequence-Similarity Based Obfuscation Method
• 2017.07 [pat] Misconceptions in Client-Side Security: Reverse Engineering Obfuscation & Disguised Endpoints
• 2017.07 [freebuf] FireEye发布调查报告，混淆技术成为了2017年攻击者最喜欢用的技术之一
• 2017.06 [fireeye] Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques
• 2017.06 [pentestpartners] Obfuscating consumer IoT hardware. Is it worth it?
• 2017.06 [arxiv] [1706.08003] OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation
• 2017.06 [sans] Obfuscating without XOR
• 2017.06 [cobbr] ObfuscatedEmpire - Updates and Pull Request!
• 2017.06 [arxiv] [1706.06232] Modeling Attack Resilient Reconfigurable Latent Obfuscation Technique for PUF based Lightweight Authentication
• 2017.06 [arxiv] [1706.05432] Obfuscation in Bitcoin: Techniques and Politics
• 2017.06 [quarkslab] PhD defense of Ninon Eyrolles: Obfuscation with Mixed Boolean-Arithmetic Expressions: Reconstruction, Analysis and Simplification Tools
• 2017.06 [arxiv] [1706.02693] A Mean-Field Stackelberg Game Approach for Obfuscation Adoption in Empirical Risk Minimization
• 2017.06 [4hou] 看我如何使用数据格式混淆来绕过WAF进行攻击?
• 2017.05 [d0znpp] Bypassing NGFW/WAFs using data format obfuscations
• 2017.05 [paloaltonetworks] Practice Makes Perfect: Nemucod Evolves Delivery and Obfuscation Techniques to Harvest Cr
• 2017.05 [securestate] Obfuscating Launchers to Limit Detection
• 2017.05 [securestate] Obfuscating Launchers to Limit Detection
• 2017.04 [sans] Another Day, Another Obfuscation Technique
• 2017.04 [NDSSSymposium] NDSS 2017: HOP: Hardware makes Obfuscation Practical
• 2017.04 [NDSSSymposium] NDSS 2017: Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential...
• 2017.04 [sans] Analysis of a Maldoc with Multiple Layers of Obfuscation
• 2017.04 [arxiv] [1704.02307] Assessment of Source Code Obfuscation Techniques
• 2017.03 [arxiv] [1703.07427] Intrinsically Reliable and Lightweight Physical Obfuscated Keys
• 2017.03 [nviso] Analyzing obfuscated scripts using nothing but a text editor
• 2017.03 [sans] Another example of maldoc string obfuscation, with extra bonus: UAC bypass
• 2017.03 [arxiv] [1703.00475] Design Automation for Obfuscated Circuits with Multiple Viable Functions
• 2017.02 [endgame] Lessons from the Trenches: Obfuscation and Pattern Recognition
• 2017.02 [secist] 三个混淆过狗一句话分析
• 2017.01 [tetrane] Unfolding obfuscated code with Reven (part 2)
• 2016.12 [arxiv] [1612.05675] Targeting Infeasibility Questions on Obfuscated Codes
• 2016.12 [360] 如何分析经过混淆的SWF
• 2016.12 [arxiv] [1612.03345] Obfuscation using Encryption
• 2016.11 [tetrane] Unfolding obfuscated code with Reven (part 1, full write-up)
• 2016.11 [vkremez] IDA Pro Tutorial: Unpacking Obfuscated Binary Using IDA Pro Debugger
• 2016.10 [tetrane] Unfolding obfuscated code (part 1)
• 2016.10 [arxiv] [1610.06694] ODIN: Obfuscation-based privacy preserving consensus algorithm for Decentralized Information fusion in smart device Networks
• 2016.10 [jm33] Using Obfs4proxy to obfuscate your non-TOR proxy / 为Shadowsocks路由器增加Obfs4混淆
• 2016.10 [rsaconference] Obfuscation: A User's Guide for Privacy and Protest
• 2016.10 [endgame] Defeating the Latest Advances in Script Obfuscation
• 2016.09 [arxiv] [1609.07612] Obfuscating Keystroke Time Intervals to Avoid Identification and Impersonation
• 2016.09 [mrpapercut] Non-Alphanumeric JS obfuscator
• 2016.09 [arxiv] [1609.00408] Defeating Image Obfuscation with Deep Learning
• 2016.08 [cryptologie] Whibox part 1: Indistinguishability Obfuscation
• 2016.08 [arxiv] [1608.02546] A Stackelberg Game Perspective on the Conflict Between Machine Learning and Data Obfuscation
• 2016.08 [trustwave] To Obfuscate, or not to Obfuscate
• 2016.08 [contextis] Obfuscation, Encryption & Unicorns… Reversing the string encryption in the Pangu 9.3 jailbreak
• 2016.07 [0x00sec] Packers - Executable Compression and Data Obfuscation
• 2016.07 [breakdev] Obfusion - C++ X86 Code Obfuscation Library
• 2016.07 [pcsxcetrasupport3] De-obfuscating Cerber Malspam file
• 2016.07 [p] NDH2K16 - lol so obfuscated
• 2016.06 [securitygossip] ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection
• 2016.06 [sjtu] ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection
• 2016.06 [arxiv] [1606.06771] A Stackelberg Game Perspective on the Conflict Between Machine Learning and Data Obfuscation
• 2016.05 [mcafee] Seeing Through Darkleech Obfuscation: a Quick Hack to Iframes
• 2016.05 [mcafee] Seeing Through Darkleech Obfuscation: a Quick Hack to Iframes
• 2016.05 [jpcert] Decoding Obfuscated Strings in Adwind
• 2016.05 [arxiv] [1605.04044] Network Traffic Obfuscation and Automated Internet Censorship
• 2016.05 [osandamalith] IP Obfuscator
• 2016.04 [360] 漫谈混淆技术----从Citadel混淆壳说起
• 2016.04 [freebuf] 漫谈混淆技术：从Citadel混淆壳说起
• 2016.04 [n0where] Obfuscated String Solver: Floss
• 2016.04 [advancedpersistentjest] Writeup – Obfuscation (sCTF)
• 2016.04 [jm33] 使用Obfsproxy (Scramblesuit) 混淆sh4d0ws0cks流量
• 2016.04 [layerone] DeObf 2016: I Wanna Be (De)Obfuscated!
• 2016.03 [fortinet] Unseen Dangers—Obfuscation Tools & Cybercrime
• 2016.03 [arxiv] [1603.06597] Evaluating the Security of a DNS Query Obfuscation Scheme for Private Web Surfing
• 2016.02 [buffered] TLV Traffic Obfuscation
• 2016.02 [arxiv] [1602.01771] On Quantum Obfuscation
• 2016.01 [arxiv] [1601.06371] Your Interests According to Google - A Profile-Centered Analysis for Obfuscation of Online Tracking Profiles
• 2016.01 [sans] Obfuscated MIME Files
• 2016.01 [DarrenKitchen] Mail Obfuscation and Pickup Procrastination
• 2016.01 [arxiv] [1601.00763] Translingual Obfuscation
• 2016.01 [freebuf] FLARE脚本系列：自动解码混淆字符串
• 2015.12 [360] ​FLARE脚本系列：自动解码混淆字符串
• 2015.12 [pediy] [原创]记一次混淆算法逆向分析
• 2015.11 [securitygossip] LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code
• 2015.11 [sjtu] LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code
• 2015.11 [benthamsgaze] Program obfuscation
• 2015.11 [trustwave] BOM Obfuscation in Spam
• 2015.09 [malwarebytes] Obfuscated URLs, where is that link taking you?
• 2015.09 [cert] A funny little obfuscation technique
• 2015.08 [pediy] [原创]过腾讯的资源混淆,附工具
• 2015.06 [arxiv] [1506.03032] N-Version Obfuscation: Impeding Software Tampering Replication with Program Diversity
• 2015.06 [talosintelligence] Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense
• 2015.03 [layerone] The (De)Obfuscated: De-obfuscation contest returns!
• 2015.03 [sans] An Example of Evolving Obfuscation
• 2015.02 [websec] Presentation on Optimization and Obfuscation Techniques for SQL Injections
• 2015.01 [arxiv] [1501.02885] Benchmarking Obfuscators of Functionality
• 2014.11 [trendmicro] Obfuscated Flash Files Make Their Mark in Exploit Kits
• 2014.09 [lastline] Rogue Online Pharmacies Use Fake Security Seals and Content Obfuscation to Deceive Humans and Programs
• 2014.09 [pediy] [原创]多态混淆器 [开源]
• 2014.06 [mrg] How deep is the rabbit hole? A tale about exploit kits and layers of obfuscation
• 2014.05 [Proteas] 反-反汇编 & 混淆 #1： 苹果没有遵循自己制定的Mach-O规范？
• 2014.05 [arxiv] [1405.5410] A Codon Frequency Obfuscation Heuristic for Raw Genomic Data Privacy
• 2014.05 [trustwave] Exploit Kit Roundup: Best of Obfuscation Techniques
• 2014.04 [brendangregg] Compilers: Let Me Obfuscate That For You
• 2014.03 [trendmicro] Careto and OS X Obfuscation
• 2014.02 [cryptographyengineering] Cryptographic obfuscation and ‘unhackable’ software
• 2014.02 [arxiv] [1402.3426] Privacy Games: Optimal User-Centric Data Obfuscation
• 2014.01 [arxiv] [1401.0348] The impossibility of obfuscation with auxiliary input or a universal simulator
• 2013.11 [palshack] Hardcore SQL Injections, optimizations and obfuscation
• 2013.10 [arxiv] [1311.0044] Thread-Based Obfuscation through Control-Flow Mangling
• 2013.09 [doar] Breaking Kryptonite's Obfuscation: A Static Analysis Approach Relying on Symbolic Execution
• 2013.08 [welivesecurity] Nymaim - obfuscation chronicles
• 2013.08 [doar] Regular Expressions Obfuscation Under the Microscope
• 2013.07 [pediy] [原创]实时混淆生成的crackme
• 2013.05 [malwarebytes] Nowhere to Hide: Three methods of XOR obfuscation
• 2013.01 [mcafee] IPS Countermeasures Fight Obfuscation, Evasion
• 2013.01 [talosintelligence] The 0-day That Wasn't: Dissecting A Highly Obfuscated PDF Attack
• 2012.12 [arxiv] [1212.6458] Partial-indistinguishability obfuscation using braids
• 2012.11 [compass] ASFWS – Obfuscator, ou comment durcir un code source ou un binaire contre le reverse-engineering
• 2012.09 [sysforensics] Obfuscated iframe leads to Blackhole Exploit Kit 2.0
• 2012.09 [toolswatch] NOVA the Network Obfuscation and Virtualized Anti-Reconnaissance v12.6 available
• 2012.05 [arxiv] [1205.4813] Securing SQLJ Source Codes from Business Logic Disclosure by Data Hiding Obfuscation
• 2012.02 [reverse] Obfuscation #2: Playing entrypoint hide & seek game with dyld
• 2011.02 [securityinnovation] How Much Security Does Obfuscation Get You?
• 2010.11 [androidcracking] string obfuscation
• 2010.08 [forcepoint] Phoenix Exploit Kit's Random Access Obfuscation
• 2010.08 [websec] Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug
• 2010.08 [sans] Obfuscated SQL Injection attacks
• 2010.04 [arxiv] [1004.4940] FauxCrypt - A Method of Text Obfuscation
• 2010.04 [forcepoint] De-obfuscating the obfuscated binaries with visualization
• 2009.08 [rapid7] Binary Obfuscation from the Top Down
• 2009.08 [msreverseengineering] Unpacking Virtualization Obfuscators
• 2009.02 [sans] We want your logs, obfuscated even.
• 2009.02 [gamelinux] Status Bar Obfuscation / Clickjacking in Firefox
• 2008.12 [addxorrol] Sometimes, diffing can remove obfuscation (albeit rarely)
• 2008.10 [imperialviolet] Obfuscated TCP
• 2008.08 [kobyk] Unexporting a function from a DLL at runtime by name obfuscation
• 2008.05 [arxiv] [0805.4648] On White-box Cryptography and Obfuscation
• 2008.03 [imperialviolet] OTCP - Obfuscated TCP
• 2007.05 [sans] Analyzing an obfuscated ANI exploit
• 2007.03 [pediy] [分享]ACProtect之补区段法(OEP Obfuscation, API redirection)
• 2007.02 [em386] Obfuscated ELF Objects
• 2007.01 [trendmicro] Just another obfuscated script… and browser exploits galore!
• 2007.01 [slightlyrandombrokenthoughts] Obfuscating by overloading method and field names
• 2006.09 [trendmicro] Obfuscation: Creating something new but not really…
• 2006.05 [sans] Phishers use urlencoding to obfuscate hostnames
• 2006.01 [pediy] 我对混淆代码的粗浅认识

<a id="b3551c683c83f36d15d84d207f2b1c9b"></a>新添加-反混淆

<a id="ac795f859fb0f410e2fbda2ef60f407f"></a>工具

• [233星][15d] [Py] rub-syssec/syntia Syntia:综合模糊代码的语义
• [212星][13d] [Py] eth-sri/debin Machine Learning to Deobfuscate Binaries
• [204星][3m] [Jupyter Notebook] malrev/abd Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
• [154星][12d] [Py] cq674350529/deflat use angr to deobfuscation
• [103星][2y] [C#] holly-hacker/eazfixer A deobfuscation tool for Eazfuscator.
• [62星][2y] [Java] java-deobfuscator/deobfuscator-gui deobfuscator的GUI
• [44星][1m] [Py] dissectmalware/batch_deobfuscator Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
• [40星][3y] [C++] x64dbg/interobfu Intermediate x86 instruction representation for use in obfuscation/deobfuscation.
• [37星][21d] [JS] michenriksen/hackpad A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.
• [35星][19d] [Java] graxcode/zelixkiller Deobfuscate ZKM up to version 11
• [31星][4y] [Pascal] pigrecos/codedeobfuscator Code Deobfuscator
• [21星][1m] [Py] cylance/winapi-deobfuscation Towards Generic Deobfuscation of Windows API Calls
• [20星][2m] [C++] jacob-baines/jit_obfuscation_poc Using GNU lightning to generate xor deobfuscation at runtime
• [20星][9m] [Py] jnraber/virtualdeobfuscator Reverse engineering tool for virtualization wrappers
• [16星][8m] [C] gdbinit/unicorn_string_deobfuscator A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation
• [16星][25d] [Kotlin] heartpattern/mc-remapper Deobfuscator for Minecraft by mapping json
• [16星][25d] [Kotlin] heartpattern/mc-remapper Deobfuscator for Minecraft by mapping json
• [15星][24d] [Java] lxgaming/reconstruct ProGuard Deobfuscator
• [11星][2m] calware/deobfuscation Binary Deobfuscation Series
• [10星][4m] [Java] soxs/osrsupdater A simple (and outdated) Old-School RuneScape decompiler/deobfuscator. Performs field and method analysis which uses ASM and bytecode patterns for identification. Identified fields could be used for creating bot clients or QoL clients. For educational use only.
• [9星][3m] [C] valdikss/sophos-deobfuscation-tool Sophos Deobfuscation Tool. Deobfuscates passwords obfuscated with Sophos Obfuscation Tool.
• [6星][14d] [C++] teapotd/xdeobf A deobfuscation plugin for IDA
• [4星][12m] [Rust] xermicus/r2deob deobfuscation PoC with r2 + ESIL
• [4星][3m] [Py] randomrhythm/web_log_deobfuscate Deobfuscate various encodings that can be found in web logs.
• [4星][6m] [JS] skyrising/mc-deobfuscator Automatic deobfuscator for Minecraft
• [4星][8m] [JS] bobbystacksmash/cmd-deobfuscator A Node.js module for deobfuscating and expanding DOS/BATCH commands.
• [3星][1y] [Java] aperrad/gwtclientlogdeobfuscator GWT Client Stacktrace Deobfuscator
• [2星][2y] [Groovy] nao20010128nao/kliket A php code deobfuscator (re)written in Groovy
• [1星][3y] [Java] jasjisdo/enigma A deobfuscator tool for JavaSE bytecode
• [1星][4m] [Py] 0h2o/py2_deobf_tool Python2.7 pyc deobfuscator
• [0星][2y] [JS] notathrowaway/deobfuscated-payloads_tiempo-en-colombia-en-vivo Deobfuscated payload scripts of the extension "Tiempo en colombia en vivo". Sorry for the long name.
• [0星][5m] [Py] uintdev/cssed Cloudflare ScrapeShield Email Deobfuscator
• [None星][Py] dissectmalware/xlmmacrodeobfuscator Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

<a id="6b28f0c3d5bfab275e21b6e943063a17"></a>文章

• 2020.02 [quarkslab] PhD Defense of Jonathan Salwan: Use of Symbolic Execution for Binary Deobfuscation
• 2019.07 [freebuf] 反混淆神器！CyberChef助你秒解混淆脚本
• 2019.04 [msreverseengineering] An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
• 2019.02 [arxiv] [1902.05357] Estimating the Circuit Deobfuscating Runtime based on Graph Deep Learning
• 2019.01 [pediy] [原创]c/c++反混淆方法
• 2019.01 [Swarlemagne] F'ing around with Binary Ninja, Episode 6: Automating Deobfuscation!
• 2019.01 [Swarlemagne] F'ing around with Binary Ninja, Episode 5: Automated Deobfuscation!
• 2019.01 [aliyun] Automatic string formatting deobfuscation
• 2019.01 [Swarlemagne] F'ing Around with Binary Ninja, Episode 4: Emulator, and Deobfuscation!
• 2019.01 [klee] Effectiveness of Synthesis in Concolic Deobfuscation
• 2018.11 [malwarebytes] TrickBot主模块使用新的混淆技术
• 2018.07 [sans] Windows Batch File Deobfuscation
• 2018.07 [360] 符号反混淆：从虚拟代码中恢复源码(DIMVA 2018)
• 2018.07 [quarkslab] Symbolic Deobfuscation: From Virtualized Code Back to the Original (DIMVA 2018)
• 2018.05 [pediy] [原创]JEB2反混淆神器
• 2018.05 [hexblog] Deobfuscating xor’ed strings
• 2018.03 [hasherezade] Deobfuscating TrickBot's strings with libPeConv
• 2018.03 [pediy] [翻译]手把手静态分析FinSpy VM：第三部分第一阶段，反混淆FINSPY VM字节码程序
• 2018.02 [msreverseengineering] FinSpy VM Unpacking Tutorial Part 3: Devirtualization. Phase #1: Deobfuscating FinSpy VM Bytecode Programs
• 2018.02 [dustri] Paper notes: Towards generic deobfuscation of Windows API calls
• 2018.02 [venus] JStillery：Advanced JS Deobfuscation via Partial Evaluation
• 2018.01 [msreverseengineering] 恶意软件 Finspy VM 脱壳教程 - X86 反混淆
• 2017.10 [Cooper] Hack.lu 2017 SMT Solvers in the IT Security - deobfuscating binary code with logic by Thaís Hamasaki
• 2017.10 [0x00sec] Deobfuscating js code
• 2017.07 [] Deobfuscating PjOrion using bytecode simplifier
• 2017.03 [pediy] [翻译]AutoIt脚本反混淆
• 2017.03 [dist67] Maldoc Deobfuscation: Plugin sub-str
• 2017.03 [dist67] Maldoc Deobfuscation: Character Removal
• 2016.07 [hackerlists] 13 Awesome Deobfuscation Tools For Reverse Engineers
• 2016.05 [] PjOrion Deobfuscator Open Sourced
• 2016.04 [sjtu] Deobfuscation Reverse Engineering Obfuscated Code
• 2016.03 [360] MIME类型文件反混淆工具
• 2015.10 [mindedsecurity] Advanced JS Deobfuscation Via AST and Partial Evaluation (Google Talk WrapUp)
• 2015.10 [ixiacom] Angler Exploit Kit Deobfuscation and Analysis
• 2015.06 [msreverseengineering] Transparent Deobfuscation with IDA Processor Module Extensions
• 2015.05 [securitygossip] Deobfuscation of Virtualization-Obfuscated Software: A Semantics-Based Approach
• 2015.05 [sjtu] Deobfuscation of Virtualization-Obfuscated Software: A Semantics-Based Approach
• 2014.12 [ZeroNights] Dmitry Schelkunov, Vasily Bukasov - «Deobfuscation and beyond»
• 2014.06 [nvisium] Deobfuscate Client Side Cookies
• 2013.04 [malforsec] Blackhole Exploit Kit - deobfuscating the CVE-2010-0188 PDF
• 2012.11 [quequero] Deobfuscating generic BlackHole 2 with JsADO
• 2011.07 [msreverseengineering] Control Flow Deobfuscation via Abstract Interpretation
• 2011.02 [sogeti] Training at CanSecWest 2011: Advanced binary deobfuscation

贡献

内容为系统自动导出, 有任何问题请提issue