Introduction
============

This is a simple tool to detect manipulated image files used in
web-injection attacks. A description can be found in the FireEye
report "Hot Knives Through Butter: Evading File-based Sandboxes".

One type of manipulated file (the one this tool can detect) is simply
an image file with HTML appended after the end of the image data.
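
The check described above, as an added example (not dewebjector's own code; the tool depends on libjpeg, while this example walks the JPEG marker segments by hand): it locates the end of the image data and flags HTML markup found after it. The names `jpeg_end`, `classify` and `sample_jpeg`, the tag list and the `error` verdict are assumptions of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Return the offset just past EOI (FF D9), or -1 if not a well-formed JPEG.
long jpeg_end(const Bytes& b) {
    if (b.size() < 4 || b[0] != 0xFF || b[1] != 0xD8) return -1;  // no SOI
    size_t i = 2;
    while (i + 1 < b.size()) {
        if (b[i] != 0xFF) return -1;                  // expected a marker
        uint8_t m = b[i + 1];
        if (m == 0xFF) { ++i; continue; }             // fill byte
        i += 2;
        if (m == 0xD9) return static_cast<long>(i);   // EOI
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) continue;  // no length field
        if (i + 1 >= b.size()) return -1;
        size_t len = (b[i] << 8) | b[i + 1];          // big-endian, counts itself
        if (len < 2 || i + len > b.size()) return -1;
        i += len;
        if (m != 0xDA) continue;
        // After SOS: skip entropy-coded data (FF 00 stuffing, RSTn) to next marker.
        while (i + 1 < b.size() && !(b[i] == 0xFF && b[i + 1] != 0x00 &&
               b[i + 1] != 0xFF && !(b[i + 1] >= 0xD0 && b[i + 1] <= 0xD7)))
            ++i;
    }
    return -1;                                        // ran out before EOI
}

// Verdict for one buffer; tag list and "error" verdict are assumptions here.
std::string classify(const Bytes& b) {
    long end = jpeg_end(b);
    if (end < 0) return "error";
    std::string tail(b.begin() + end, b.end());       // bytes after image data
    std::transform(tail.begin(), tail.end(), tail.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    for (const char* tag : {"<html", "<script", "<iframe"})
        if (tail.find(tag) != std::string::npos) return "malicious";
    return "benign";
}

// Constructed sample (marker skeleton only): SOI, APP0, SOS + scan bytes, EOI.
Bytes sample_jpeg(const std::string& appended = "") {
    Bytes b = {0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0x4A,0x46, 0xFF,0xDA,0x00,0x02,
               0x12,0xFF,0x00,0x34,0xFF,0xD0,0x56, 0xFF,0xD9};
    b.insert(b.end(), appended.begin(), appended.end());
    return b;
}
```

Trailing bytes that contain none of the listed tags are reported as benign here, which is one reason the TODO list below asks for more detection levels.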

Building
========

You need a C++ compiler installed. The following libraries are used:

 * libjpeg
 * libjsoncpp

Tools needed for the building process:

 * pkg-config

Just type make to build dewebjector.

Usage
=====

Type on the command line:

     dewebjector <file1> ...

It prints one line per file, giving the file name and whether the file
is malicious or benign.

TODO
====

The following features should be implemented:

 * Detect if file is really an image.
 * Provide better detection method for image files.
 * Analyse structure of an image file.
 * Needs more detection levels (unknown, suspicious, benign,
   malicious, error, etc.)

Links
=====

* https://bitbucket.org/rpkrawczyk/dewebjector
* http://www.fireeye.com/resources/pdfs/fireeye-hot-knives-through-butter.pdf