Skip to content

Releases: mandiant/flare-floss

Spring Snake

08 May 08:33
@mr-tz mr-tz
v1.5.0
ab8f775
Compare
Choose a tag to compare
Spring Snake

Major changes:

  • filtering of false positive deobfuscated strings
  • new --no-filter option to disable filtering
  • improved heuristics to find stackstrings
  • enhanced stackstrings extraction
  • additional API hooks, improving emulation coverage

Please be aware that some of the APIs, e.g. decode_strings and extract_stackstrings, changed.

Assets 6
Loading

BHEU Bald Eagle

03 Nov 15:32
@mr-tz mr-tz
v1.4.0
625bfbe
Compare
Choose a tag to compare
BHEU Bald Eagle

Major changes:

  • analyze shellcode from raw binary files
  • 32bit and 64bit standalone nightly builds for Windows
  • support for x64dbg database file
  • display vivisect analysis meta information
  • new plugin to identify decoding routines based on suspicious mov instructions
  • additional API hooks, improving emulation coverage
  • fewer false positive decoded strings
Assets 6
Loading

#DFIRSummit Dragon

23 Jun 14:54
@williballenthin williballenthin
v1.3.0
aa164b9
Compare
Choose a tag to compare
#DFIRSummit Dragon

major changes:

  • drastically improve performance, esp. for complex binaries
  • improve command line argument handling
  • enable static strings output, simplify default output mode
  • add r2 scripting support
  • fix bug extracting static strings from non-PE binaries
  • add additional API hooks, improving emulation coverage
  • filter out even more non-sensical strings
Assets 5
Loading

Computer Science Fair Fox

13 May 20:14
@williballenthin williballenthin
v1.2.0
537eab1
Compare
Choose a tag to compare
Computer Science Fair Fox

major changes:

  • add testing framework
  • add tests for known decoding routines
  • improve formatting of tables (headers, column spacing, etc.)
  • enable nightly builds
  • support osx standalone binaries
  • improved detection of decoding routines
  • fix emulation of some specific assembly instructions
  • add additional api hooks for memory allocation and manipulation
  • prepare for use in tool frameworks
Assets 5
Loading

AtlSecCon Atlas

10 Apr 15:57
@williballenthin williballenthin
v1.1.0
d638337
Compare
Choose a tag to compare
AtlSecCon Atlas

Lots of new features, including:

  • static strings mode: for extracting cleartext strings like strings.exe.
  • quiet mode: for piping output to grep.
  • improved documentation everywhere (github & source code).
  • can use FLOSS as a Python library in other tools.
  • simplified code for long term maintenance.
Assets 4
Loading

v1.0.3

10 Mar 02:44
@williballenthin williballenthin
v1.0.3
df6197f
Compare
Choose a tag to compare
v1.0.3 
setup: bump to 1.0.3
Assets 4
Loading

v1.0.2

10 Mar 02:34
@williballenthin williballenthin
v1.0.2
a3aac83
Compare
Choose a tag to compare
v1.0.2 
setup.py: bump to 1.0.2
Assets 3
Loading

Tarheel Torpedo

04 Mar 22:48
@williballenthin williballenthin
v1.0.1
5264b6e
Compare
Choose a tag to compare
Tarheel Torpedo

Initial release. Differs from release "Initial Release" only in version number (1.0.1) to ensure we got the GitHub versioning process down correctly.

Assets 4
Loading

Initial Release

04 Mar 22:24
@williballenthin williballenthin
v1.0.0
d9feea4
Compare
Choose a tag to compare
Initial Release

Initial release.

Assets 4
Loading