tobias
f3ccc09c3d
Build comprehensive malware analysis knowledge base from 3 sources: - SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes - REMnux salt-states: 340 packages parsed from GitHub - REMnux docs: 280+ tools scraped from docs.remnux.org Master inventory merges all sources into 447 tools with help tiers (rich/standard/basic). Pipeline generates: tools.db (397 entries), 397 cheatsheets with multi-tool recipes, 15 workflow guides, 224 TLDR pages, and coverage reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
22 lines
586 B
Plaintext
22 lines
586 B
Plaintext
# de4dot
|
|
# .NET deobfuscator — remove obfuscation from .NET assemblies
|
|
# FOR610 Labs: 4.8 | Sections: 4
|
|
# Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/.net
|
|
|
|
% dotnet, deobfuscation
|
|
|
|
# Basic usage
|
|
de4dot obfuscated.exe
|
|
|
|
|
|
# --- Recipes (multi-tool chains) ---
|
|
|
|
# >> Decompile .NET on Command Line
|
|
# Decompile to C# source
|
|
ilspycmd <assembly.exe> > source.cs
|
|
# Search for suspicious patterns
|
|
grep -n 'Assembly.Load\|WebClient\|Process.Start' source.cs
|
|
# If obfuscated, deobfuscate first
|
|
de4dot <assembly.exe>
|
|
ilspycmd <assembly-cleaned.exe> > source_clean.cs
|