tobias
f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
27 lines
734 B
Plaintext
27 lines
734 B
Plaintext
# FLOSS
|
|
# Automatically extract obfuscated strings from malware using static analysis, stack strings, and emulation
|
|
# FOR610 Labs: 5.2, 5.3 | Sections: 5
|
|
# Docs: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation
|
|
|
|
% strings, deobfuscation, automated
|
|
|
|
# Basic usage
|
|
floss specimen.exe
|
|
|
|
# Save output to file
|
|
floss specimen.exe > strings-output.txt
|
|
|
|
# Skip static analysis, focus on dynamic
|
|
floss --no-static -- specimen.exe
|
|
|
|
|
|
# --- Recipes (multi-tool chains) ---
|
|
|
|
# >> Extract Stack-Built Strings
|
|
# Automatic stack string recovery
|
|
strdeob.pl <sample>
|
|
# FLOSS automatic deobfuscation (static + stack + decoded)
|
|
floss <sample>
|
|
# FLOSS skip static strings, only show decoded
|
|
floss --no-static -- <sample>
|