irt/docker_file_analysis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
3a8e5d90efaa361e0ef2e1514807313a9c1ab7ef
docker_file_analysis/data/generated/workflows/index.txt
T
tobias f3ccc09c3d Add FOR610 tool/workflow knowledge base and data pipeline 
Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 17:38:15 +01:00

96 lines
3.2 KiB
Plaintext
Raw Blame History

============================================================
Available Analysis Workflows
============================================================
static-analysis-workflow
Static Properties Analysis
Systematic static examination of a suspicious file
without executing it. Works for PE, ELF, .NET,
scripts, and documents.
behavioral-analysis-workflow
Behavioral Analysis
Monitor runtime behavior in an isolated environment.
Applicable to any executable or script on Linux
(REMnux) or Windows.
network-interception-workflow
Network Traffic Interception
Redirect and analyze malware network traffic in an
isolated REMnux environment. Covers DNS, HTTP,
HTTPS, and raw IP interception.
document-analysis-workflow
Malicious Document Analysis
Analyze suspicious documents (PDF, Office, RTF,
OneNote) for embedded malware, macros, and exploits.
Follows Zeltser's 6-step methodology.
javascript-deobfuscation-workflow
JavaScript Deobfuscation
Deobfuscate and analyze malicious JavaScript from
web pages, email attachments, or document macros.
unpacking-workflow
Unpacking Packed Executables
Unpack compressed, encrypted, or obfuscated
executables to reveal the original code. Covers
automated and manual techniques.
code-injection-workflow
Code Injection Analysis
Identify and analyze process injection techniques
including DLL injection, process hollowing, and
reflective loading.
dotnet-analysis-workflow
.NET Malware Analysis
Analyze .NET malware using decompilation, debugging,
and deobfuscation. Works for .NET Framework, .NET
Core, and mixed-mode assemblies.
shellcode-analysis-workflow
Shellcode Analysis
Analyze extracted shellcode from documents,
exploits, or injected processes. Covers detection,
emulation, and payload identification.
string-deobfuscation-workflow
String & Data Deobfuscation
Decode obfuscated strings and data in malware.
Covers XOR, Base64, stack strings, custom
algorithms, and multi-layer encoding.
memory-forensics-workflow
Memory Forensics
Analyze memory dumps to find malware artifacts,
injected code, and hidden processes. Uses Volatility
3 framework on REMnux.
android-analysis-workflow
Android Malware Analysis
Analyze suspicious Android APK files using static
and dynamic techniques available in REMnux.
java-analysis-workflow
Java Malware Analysis
Analyze malicious Java archives (JAR), applets, and
compiled classes. Covers decompilation and code
analysis.
email-analysis-workflow
Email & Phishing Analysis
Analyze suspicious email messages for phishing
indicators, malicious attachments, and weaponized
links.
cobalt-strike-workflow
Cobalt Strike Analysis
Analyze Cobalt Strike beacons, configurations, and
network traffic using Didier Stevens' CS toolkit on
REMnux.
────────────────────────────────────────────────────────────
Usage: fhelp workflow <name>
Example: fhelp workflow static-analysis
Reference in New Issue View Git Blame Copy Permalink