# FLOSS
> Automatically extract obfuscated strings from malware using static analysis, stack strings, and emulation

**Category:** [[categories/examine-static-properties-deobfuscation|Examine Static Properties > Deobfuscation]] | **Tier:** Rich (FOR610)
**Docs:** [https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation](https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation)

## Usage
```bash
floss specimen.exe
floss specimen.exe > strings-output.txt
floss --no-static -- specimen.exe
```

## Recipes
- [[recipes/stack-string-extraction|Extract Stack-Built Strings]]

## Workflows
- [[workflows/static-analysis-workflow|Static Properties Analysis]] — Step 4: String Extraction
- [[workflows/shellcode-analysis-workflow|Shellcode Analysis]] — Step 6: String & IOC Extraction
- [[workflows/string-deobfuscation-workflow|String & Data Deobfuscation]] — Step 1: Automated Extraction

## Related Tools
- [[tools/1768|1768.py]] — Parse Cobalt Strike beacon configuration from shellcode or m
- [[tools/balbuzard|balbuzard]] — Extract and deobfuscate patterns from suspicious files.
- [[tools/base64dump|base64dump.py]] — Extract and decode Base64-encoded strings from files
- [[tools/brxor|brxor.py]] — Brute-force XOR key detection for single-byte XOR-encoded st
- [[tools/chepy|chepy]] — Decode and otherwise analyze data using this command-line to

## FOR610
**Labs:** 5.2, 5.3
**Sections:** 5

#strings #deobfuscation #automated