Improve a bit the README file

author: Julien (jvoisin) Voisin 2016-08-30 15:44:55 +0200
committer: Julien (jvoisin) Voisin 2016-08-30 15:45:35 +0200
commit: e5560e053a754ba3ab189e01cbfa9c5a95437a6c (patch)
tree: 651b3fbd3c561a48b85ced0b592d8f61ec599f7d /README.md
parent: 12c72b5cd4d94bbb26caa7687f1f708e17cca68d (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/README.md b/README.md
index 3371ca7..5d6a4d9 100644
--- a/README.md
+++ b/README.md
@@ -26,16 +26,17 @@ The following list of encoders/obfuscators/webshells are also detected:
 * [Cipher Design]( http://cipherdesign.co.uk/service/php-obfuscator )
 * [Cyklodev]( http://sysadmin.cyklodev.com/online-php-obfuscator/ )
 * [Joes Web Tools Obfuscator]( http://www.joeswebtools.com/security/php-obfuscator/ )
+* [P.A.S]( http://profexer.name/pas/download.php )
+* [PHP Jiami]( http://www.phpjiami.com/ )
 * [Php Obfuscator Encode]( http://w3webtools.com/encode-php-online/ )
 * [SpinObf]( http://mohssen.org/SpinObf.php )
 * [Weevely3]( https://github.com/epinna/weevely3 )
 * [atomiku]( http://atomiku.com/online-php-code-obfuscator/ )
 * [cobra obfuscator]( http://obfuscator.uk/example/ )
 * [phpencode]( http://phpencode.org )
-* [webtoolsvn]( http://www.webtoolsvn.com/en-decode/ )
 * [tennc]( http://tennc.github.io/webshell/ )
 * [web-malware-collection]( https://github.com/nikicat/web-malware-collection )
-* [P.A.S]( http://profexer.name/pas/download.php )
+* [webtoolsvn]( http://www.webtoolsvn.com/en-decode/ )
 Of course it's **trivial** to bypass PMF,
@@ -43,7 +44,7 @@ but its goal is to catch kiddies and idiots,
 not people with a working brain.
 If you report a stupid tailored bypass for PMF, you likely belong to one (or
-both) category, and should re-read the previous sentence.
+both) category, and should re-read the previous statement.
 ## How does it work?
@@ -83,7 +84,7 @@ whitelist system, and greedy regexps. Please note that if you plan to build
 yara from sources, libssl-dev must be installed on your system in order to
 have support for hashes.
-Ho, and by the way, you can run the comprehensive testsuite with `make test`.
+Ho, and by the way, you can run the *comprehensive* testsuite with `make test`.
 ## Whitelisting
@@ -97,9 +98,9 @@ Because:
  https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar
  ), since it only cares about finding malicious patterns, not specific webshells
 - Its whitelist system doesn't rely on filenames
- It doesn't rely on (slow) entropy calculation
+- It doesn't rely on (slow) [entropy computation]( https://en.wikipedia.org/wiki/Entropy_(information_theory) )
 - It uses a ghetto-style static analysis, instead of relying on file hashes
- Thanks to the aforementioned pseudo-static analysis, it works on obfuscated files too
+- Thanks to the aforementioned pseudo-static analysis, it works (especially) on obfuscated files too
 ## Licensing
author	Julien (jvoisin) Voisin	2016-08-30 15:44:55 +0200
committer	Julien (jvoisin) Voisin	2016-08-30 15:45:35 +0200
commit	e5560e053a754ba3ab189e01cbfa9c5a95437a6c (patch)
tree	651b3fbd3c561a48b85ced0b592d8f61ec599f7d /README.md
parent	12c72b5cd4d94bbb26caa7687f1f708e17cca68d (diff)