tweak readme
natesubra committed Apr 12, 2023
1 parent 5ece4d8 commit 424341d
Showing 1 changed file with 19 additions and 11 deletions.
30 changes: 19 additions & 11 deletions README.md
@@ -1,20 +1,28 @@
# ThreatCheck(er)

A updated/modified version of ThreatCheck/DefenderCheck
A updated/modified version of ThreatCheck/DefenderCheck. Full credit to [Matterpreter](https://github.com/matterpreter/DefenderCheck)/[Rastamouse](https://github.com/rasta-mouse/ThreatCheck) for the initial implementation(s) and ideas.

Changes:
---

- Refactored output: Now attempts to identify the range of suspect bytes
- Re-enabled debug output, for when
- Refactored some things that were getting flagged by AV (this probably won't last long, class names IIRC)
- Added GitHub CI/CD Release
- Updated dependencies etc
## Credits
Takes a binary as input (either from a file on disk or a URL), splits it until it pinpoints that exact bytes that the target engine will flag on and prints them to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.

- Modified version of [RastaMouse's](https://rastamouse.me/) [ThreatCheck](https://github.com/rasta-mouse/ThreatCheck)
- Which in turn is a modified version of [Matterpreter's](https://twitter.com/matterpreter) [DefenderCheck](https://github.com/matterpreter/DefenderCheck).
Changes:

Takes a binary as input (either from a file on disk or a URL), splits it until it pinpoints that exact bytes that the target engine will flag on and prints them to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.
- Refactored output: Now attempts to identify and print the range of suspect bytes
- New HexDump function
- Added GitHub CI/CD Release
- Added an arg to enable debug output, for when you want to watch text scroll fast
- Refactored some things that were getting flagged by AV in the OG ThreatCheck
- Dependencies:
- added new deps required for hexdump
- added [Costura.Fodya] to allow the exe to be self contained (embedded assemblies)
- updated deps to latest stable

Todo:

- Fix the debug display showing the full byte range AROUND the suspect bytes
- Implement additional logic for corner cases
- ??? (Pull requests accepted)

```text
C:\>ThreatChecker.exe --help
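Review bot: the `## Credits` heading is kept but its content is gone, so in the new README it now introduces the "Takes a binary as input ..." description rather than any credits; since the credit to Matterpreter/Rastamouse moved into the intro sentence, either drop the `## Credits` heading or rename it (e.g. `## What it does`) so the heading matches the paragraph under it. Smaller points in the same hunk: "A updated/modified version" should read "An updated/modified version"; "pinpoints that exact bytes" should read "pinpoints the exact bytes"; the intro is now followed by two blank lines; `Changes:` and `Todo:` are plain text while `## Credits` is a markdown heading, so the headings render inconsistently; the three items under `- Dependencies:` are not indented, so they render as top-level bullets instead of a nested list; and `[Costura.Fodya]` is a bracket link with no URL, which renders as literal brackets (the package name also looks like a typo for Costura.Fody).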