Summary
This is your comprehensive toolkit for analyzing suspicious binaries and scripts, from initial triage with pestudio and capa to writing production YARA rules. It walks through both static analysis (strings extraction, import enumeration, entropy checks) and dynamic behavior profiling in sandboxes with process monitoring and network capture. The anti-analysis detection section is especially practical, covering the real evasion techniques you'll encounter like sleep delays, VM checks, and timing attacks. If you're doing incident response or threat intelligence work, the C2 protocol analysis and fileless malware sections alone justify having this loaded. The unpacking guidance covers both automated tools and manual OEP dumping when dealing with custom packers.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill malware-analysis --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
