This is a compact reference for malware analysis CTF challenges, covering everything from deobfuscating PowerShell and JavaScript to extracting C2 configs from PE and .NET binaries. You get practical patterns for custom crypto protocols (RC4 WebSocket C2, ChaCha20 keystream extraction), anti-analysis techniques like API hashing and VM detection, and forensics tooling around Volatility, YARA, and shellcode emulation with Unicorn. The supporting files include real examples like trojanized plugin analysis with custom alphabet rotation and Telegram bot token recovery. Useful when you're past basic reversing and dealing with actual malicious behavior, encrypted comms, or sandbox evasion. If it's just a crackme or packed binary with no C2 activity, you're better off with ctf-reverse instead.
npx skills add https://github.com/ljagiello/ctf-skills --skill ctf-malware