e62a14dafc
Generate interlinked wiki from master inventory: 397 tool pages, 15 workflow pages, 27 recipe pages, 33 category pages, plus index. All pages use [[wiki-links]] for cross-navigation between tools, workflows, recipes, and categories (1782 links total). Install zk for interactive browsing with fzf search, tag filtering, and backlink discovery. Add 'fhelp wiki' command and Makefile target. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.6 KiB
capa
Identify malware capabilities mapped to MITRE ATT&CK framework and Malware Behavior Catalog
Category: categories/statically-analyze-code-pe-files | Tier: Rich (FOR610) | Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
Usage
capa specimen.exe
capa -vv specimen.exe
capa -vv specimen.exe | grep -A7 'Suspended Process'
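The Usage lines above read capa's human-readable output and grep it by hand. For a triage script, capa's JSON output (`capa -j specimen.exe`) is the better source: it carries the ATT&CK and MBC mappings that the description mentions as structured fields. The following is an added example, not part of this wiki page or the capa project; it embeds a constructed, trimmed capa JSON report and assumes the report shape `rules[name].meta.attack` / `rules[name].meta.mbc` (entries with `id`, `tactic`/`technique`/`subtechnique` or `objective`/`behavior`/`method`) and `rules[name].matches` as a list of `[address, match]` pairs with `address["value"]` an integer. The summary it produces is the same grouping by technique that an analyst builds from `capa -vv` output, plus the keyword lookup that the `grep -A7 'Suspended Process'` line does manually.

```python
"""Summarize a capa JSON report by ATT&CK technique and MBC behavior.

Added example (not capa's own code). Assumes the JSON layout described in the
lead-in; the sample report below is constructed for illustration.
"""
import json
import sys
from collections import defaultdict

# Constructed sample: a trimmed `capa -j` report with three matched rules.
SAMPLE_REPORT = json.dumps({
    "meta": {"sample": {"path": "specimen.exe"}},
    "rules": {
        "create process suspended": {
            "meta": {
                "name": "create process suspended",
                "namespace": "host-interaction/process/create",
                "attack": [{"tactic": "Defense Evasion", "technique": "Process Injection",
                            "subtechnique": "", "id": "T1055"}],
                "mbc": [{"objective": "Process", "behavior": "Create Process",
                         "method": "", "id": "C0017"}],
            },
            "matches": [[{"type": "absolute", "value": 4198400}, {}]],
        },
        "write process memory": {
            "meta": {
                "name": "write process memory",
                "namespace": "host-interaction/process/inject",
                "attack": [{"tactic": "Defense Evasion", "technique": "Process Injection",
                            "subtechnique": "", "id": "T1055"}],
                "mbc": [],
            },
            "matches": [[{"type": "absolute", "value": 4198656}, {}]],
        },
        "contain obfuscated stackstrings": {
            "meta": {
                "name": "contain obfuscated stackstrings",
                "namespace": "anti-analysis/obfuscation/string/stackstring",
                "attack": [{"tactic": "Defense Evasion",
                            "technique": "Obfuscated Files or Information",
                            "subtechnique": "Indicator Removal from Tools", "id": "T1027.005"}],
                "mbc": [{"objective": "Anti-Static Analysis",
                         "behavior": "Executable Code Obfuscation",
                         "method": "Stack Strings", "id": "B0032.017"}],
            },
            "matches": [[{"type": "absolute", "value": 4199424}, {}]],
        },
    },
})


def load_report(text: str) -> dict:
    """Parse capa JSON text into a dict."""
    return json.loads(text)


def _label(parts: list, ident: str) -> str:
    """Join non-empty hierarchy parts with '::' and append the framework id."""
    return "::".join(p for p in parts if p) + f" [{ident}]"


def attack_summary(report: dict) -> dict:
    """Group matched rule names under 'Tactic::Technique[::Sub] [Txxxx]' labels."""
    grouped = defaultdict(set)
    for name, rule in report.get("rules", {}).items():
        for e in rule.get("meta", {}).get("attack", []):
            key = _label([e.get("tactic"), e.get("technique"), e.get("subtechnique")], e.get("id"))
            grouped[key].add(name)
    return {k: sorted(v) for k, v in sorted(grouped.items())}


def mbc_summary(report: dict) -> dict:
    """Group matched rule names under 'Objective::Behavior[::Method] [Bxxxx]' labels."""
    grouped = defaultdict(set)
    for name, rule in report.get("rules", {}).items():
        for e in rule.get("meta", {}).get("mbc", []):
            key = _label([e.get("objective"), e.get("behavior"), e.get("method")], e.get("id"))
            grouped[key].add(name)
    return {k: sorted(v) for k, v in sorted(grouped.items())}


def find_capabilities(report: dict, keyword: str) -> list:
    """Case-insensitive search over rule names and namespaces (the grep step, scripted)."""
    kw = keyword.lower()
    hits = [n for n, r in report.get("rules", {}).items()
            if kw in n.lower() or kw in r.get("meta", {}).get("namespace", "").lower()]
    return sorted(hits)


def match_addresses(report: dict, rule_name: str) -> list:
    """Return the hex addresses where a rule matched, for pivoting into a disassembler."""
    rule = report.get("rules", {}).get(rule_name, {})
    addrs = [pair[0].get("value") for pair in rule.get("matches", []) if pair and pair[0]]
    return [hex(a) for a in addrs if isinstance(a, int)]


if __name__ == "__main__":
    # Usage: python capa_summary.py report.json   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rep = load_report(text)
    for section, summary in (("ATT&CK", attack_summary(rep)), ("MBC", mbc_summary(rep))):
        print(f"== {section} ==")
        for key, rules in summary.items():
            print(f"{key}\n    " + "\n    ".join(rules))
```

Run it against a real report with `capa -j specimen.exe > report.json` and then `python capa_summary.py report.json`; `match_addresses` gives the function addresses to jump to in Ghidra or IDA for the rule you are verifying, which is the follow-up that the `-vv` output is normally read for.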
Recipes
Workflows
- workflows/static-analysis-workflow — Step 5: Capability Detection
- workflows/behavioral-analysis-workflow — Step 4: Emulation (Safe Alternative)
- workflows/unpacking-workflow — Step 8: Verification
- workflows/code-injection-workflow — Step 1: Capability Detection
- workflows/shellcode-analysis-workflow — Step 1: Shellcode Detection
- workflows/cobalt-strike-workflow — Step 1: Beacon Detection
Related Tools
- tools/binee-binary-emulation-environment — Analyze I/O operations of a suspicious PE file by emulating
- tools/mbcscan — Scan a PE file to list the associated Malware Behavior Catal
- tools/speakeasy — Windows binary emulator — emulates API calls to analyze malw
FOR610
Labs: 1.4, 5.4 | Sections: 1, 5
#capabilities #mitre-attack #automated-analysis