EntropyEncoding (version 0.0.3) | entropyencoding.py
This package implements an encoding to bypass antivirus entropy checks.
https://www.schellman.com/blog/cybersecurity/penetration-testing-methods-entropy
https://vanmieghem.io/blueprint-for-evading-edr-in-2022/
https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
Information based on a blog post in which a red teamer tested an unnamed EDR:
- the antivirus flags entropy as potentially malicious when the entropy score is greater than 7.2
~# python3 EntropyEncoding.py
Entropy for non-encoded secrets: 4.521591372417719
Entropy for non-encoded encrypted secrets: 7.945422222752084
Entropy for entropy-encoded encrypted secrets: 5.762166896848745
Entropy for entropy-encoded2 encrypted secrets: 5.748670434218312
Entropy for non-encoded exe: 5.22055339277441
Entropy for non-encoded encrypted exe: 7.923900258907012
Entropy for entropy-encoded encrypted exe: 5.756072685391074
Entropy for entropy-encoded2 encrypted exe: 5.799741821347019
~#
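The scores printed above are Shannon entropy in bits per byte. The following added example (not code from the EntropyEncoding package) computes that score, applies the 7.2 threshold quoted on this page, and adds a second check for data that stays under the threshold while being spread almost uniformly over a small set of byte values. `normalized_entropy`, `assess`, the 0.99 and 16-symbol cutoffs and the samples are assumptions for illustration; standard hex encoding stands in for a generic re-encoding, and nothing here describes this package's own output format.

```python
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2   # score quoted on this page for the unnamed EDR
DENSITY_CUTOFF = 0.99     # assumed cutoff, for illustration only
MIN_SYMBOLS = 16          # assumed: ignore tiny alphabets such as b"abab..."


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def normalized_entropy(data: bytes) -> float:
    """Entropy divided by the maximum reachable with the byte values in use."""
    distinct = len(set(data))
    if distinct < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(distinct)


def assess(data: bytes) -> dict:
    """Apply the whole-buffer threshold, then the restricted-alphabet check."""
    score = shannon_entropy(data)
    density = normalized_entropy(data)
    over = score > ENTROPY_THRESHOLD
    dense = (not over and density >= DENSITY_CUTOFF
             and len(set(data)) >= MIN_SYMBOLS)
    return {"entropy": score, "over_threshold": over,
            "dense_small_alphabet": dense}


# Constructed samples: plain text, uniformly distributed bytes (what
# ciphertext looks like to this measure) and the same bytes hex-encoded.
TEXT = b"the quick brown fox jumps over the lazy dog " * 20
UNIFORM = bytes(range(256)) * 16
HEXED = UNIFORM.hex().encode()

if __name__ == "__main__":
    for name, sample in (("text", TEXT), ("uniform", UNIFORM), ("hex", HEXED)):
        print(name, assess(sample))
```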
Functions
Data
__all__ = ['entropy_encode2', 'entropy_decode2', 'entropy_encode', 'entropy_decode', 'shannon_entropy']
__author_email__ = 'mauricelambert434@gmail.com'
__copyright__ = '\nEntropyEncoding Copyright (C) 2023 Maurice La...ome to redistribute it\nunder certain conditions.\n'
__description__ = '\nThis package implements an encoding to bypass entropy antivirus check.\n'
__license__ = 'GPL-3.0 License'
__maintainer__ = 'Maurice Lambert'
__maintainer_email__ = 'mauricelambert434@gmail.com'
__url__ = 'https://github.com/mauricelambert/EntropyEncoding'
Author
Maurice Lambert