AMSITrigger - The Hunt For Malicious Strings
Usage:
-i, --inputfile=VALUE       Powershell filename
-u, --url=VALUE             URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
-f, --format=VALUE          Output Format:
                              1 - Only show Triggers
                              2 - Show Triggers with Line numbers
                              3 - Show Triggers inline with code
                              4 - Show AMSI calls (xmas tree mode)
-d, --debug                 Show Debug Info
-m, --maxsiglength=VALUE    Maximum signature Length to cater for, default=2048
-c, --chunksize=VALUE       Chunk size to send to AMSIScanBuffer, default=4096
-h, -?, --help              Show Help
For details see https://www.rythmstick.net/posts/amsitrigger
Reviewed by Zion3R on 5:30 PM