# DESA - Dynamic Encoded Script Analysis

> Analyst-led autonomous investigation workspace for PowerShell threats.
> Deterministic deobfuscation. Autonomous investigation. Human approval at every critical step.

## Overview

DESA (Dynamic Encoded Script Analysis) is a comprehensive platform for analyzing PowerShell scripts for potential threats, malware indicators, and obfuscation techniques. It provides automated decoding of encoded content, IOC extraction, and threat scoring.

## Engine

- Version: 1.0.0
- Engine: Deterministic v1.0
- Ruleset: 2025.1
- Built-in Rules: 20 curated detection rules with MITRE ATT&CK mapping
- Analysis Pipeline: Ingest → Decode → Normalize → Detect → Enrich → Score → Summarize

## Website

https://desa.platphormnews.com

## API Base URL

https://desa.platphormnews.com/api/v1

## Core Capabilities

- **Script Analysis**: Analyze PowerShell scripts for threats and suspicious patterns
- **Decoding**: Automatic decoding of Base64, Hex, XOR, GZIP, and other encodings
- **IOC Extraction**: Extract IPs, URLs, domains, hashes, emails from scripts
- **Threat Scoring**: Score scripts 0-100 based on detected patterns
- **Pattern Matching**: 20 built-in detection rules with custom rule support
- **Deobfuscation**: Multi-step deobfuscation with timeline tracking
- **JA4+ Fingerprints**: Network fingerprint extraction
- **C2 Config Detection**: Command and control configuration extraction
- **Steganography Detection**: Hidden payload identification

## Key Endpoints

### POST /api/v1/analyze
Analyze a PowerShell script
- Input: { "content": "powershell content" }
- Returns: Threat score, decoded content, detected patterns, IOCs

### GET /api/v1/scripts
List analyzed scripts with pagination and filtering

### GET /api/v1/rules
List detection rules (20 built-in + custom rules)

### GET /api/v1/iocs
List extracted IOCs with pivot capabilities

### POST /api/v1/integrations/mcp
MCP protocol endpoint for AI tool integration

## MCP Tools Available

- desa_analyze_script: Analyze PowerShell scripts
- desa_decode_string: Decode encoded strings
- desa_extract_iocs: Extract IOCs from text
- desa_get_threat_intel: Lookup threat intelligence
- desa_list_detection_rules: List available rules

## Integrations

- JSON Tree: https://json.platphormnews.com
- ASCII Art: https://ascii.platphormnews.com  
- XML Tools: https://xml.platphormnews.com
- MCP Hub: https://mcp.platphormnews.com

## Documentation

- API Docs: https://desa.platphormnews.com/docs
- OpenAPI Spec: https://desa.platphormnews.com/api/docs
- Full LLM Context: https://desa.platphormnews.com/llms-full.txt
- Product Roadmap: https://desa.platphormnews.com/roadmap
- OpenAI Plugin: https://desa.platphormnews.com/.well-known/ai-plugin.json
- MCP Discovery: https://desa.platphormnews.com/.well-known/mcp

## Contact

Maintained by Platphorm News
https://platphormnews.com