irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add markdown wiki with 473 pages and zk browser

Browse Source 
Generate interlinked wiki from master inventory: 397 tool pages,
15 workflow pages, 27 recipe pages, 33 category pages, plus index.
All pages use [[wiki-links]] for cross-navigation between tools,
workflows, recipes, and categories (1782 links total).

Install zk for interactive browsing with fzf search, tag filtering,
and backlink discovery. Add 'fhelp wiki' command and Makefile target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
tobias
2026-03-28 19:50:36 +01:00
parent b13db23a5e
commit e62a14dafc
478 changed files with 7683 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/generated/wiki/tools/capa.md
+34
View File
@@ -0,0 +1,34 @@
# capa
> Identify malware capabilities mapped to MITRE ATT&CK framework and Malware Behavior Catalog
**Category:** [[categories/statically-analyze-code-pe-files|Statically Analyze Code > PE Files]] | **Tier:** Rich (FOR610)
**Docs:** [https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files](https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files)
## Usage
```bash
capa specimen.exe
capa -vv specimen.exe
capa -vv specimen.exe | grep -A7 'Suspended Process'
```
## Recipes
- [[recipes/capa-capability-filter|Filter Capabilities by Technique]]
## Workflows
- [[workflows/static-analysis-workflow|Static Properties Analysis]] — Step 5: Capability Detection
- [[workflows/behavioral-analysis-workflow|Behavioral Analysis]] — Step 4: Emulation (Safe Alternative)
- [[workflows/unpacking-workflow|Unpacking Packed Executables]] — Step 8: Verification
- [[workflows/code-injection-workflow|Code Injection Analysis]] — Step 1: Capability Detection
- [[workflows/shellcode-analysis-workflow|Shellcode Analysis]] — Step 1: Shellcode Detection
- [[workflows/cobalt-strike-workflow|Cobalt Strike Analysis]] — Step 1: Beacon Detection
## Related Tools
- [[tools/binee-binary-emulation-environment|binee (Binary Emulation Environment)]] — Analyze I/O operations of a suspicious PE file by emulating
- [[tools/mbcscan|mbcscan]] — Scan a PE file to list the associated Malware Behavior Catal
- [[tools/speakeasy|speakeasy]] — Windows binary emulator — emulates API calls to analyze malw
## FOR610
**Labs:** 1.4, 5.4
**Sections:** 1, 5
#capabilities #mitre-attack #automated-analysis