irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add markdown wiki with 473 pages and zk browser

Browse Source 
Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
tobias
2026-03-28 19:50:36 +01:00
parent b13db23a5e
commit e62a14dafc
478 changed files with 7683 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/generated/wiki/recipes/rtf-shellcode-extraction.md
+19
View File
@@ -0,0 +1,19 @@
# Extract Shellcode from RTF Document
> Find and extract embedded shellcode from a malicious RTF file
**Tools:** [[tools/rtfdump-py|rtfdump-py]], [[tools/xorsearch|xorsearch]], [[tools/scdbgc|scdbgc]]
**FOR610 Lab:** 3.5
## Commands
```bash
# Scan RTF structure — look for groups with lots of hex data
rtfdump.py <document.rtf>
# Extract the hex-heavy group as binary
rtfdump.py <document.rtf> -s <group_num> -H -d > extracted.bin
# Scan for shellcode patterns (even XOR-encoded)
XORSearch -W -d 3 extracted.bin
# Emulate shellcode at found offset
scdbgc /f extracted.bin /foff <offset> /s -1
```
#recipe #rtfdump-py #xorsearch #scdbgc