mit einem Klick
reverse-skills
reverse-skills enthält 9 gesammelte Skills von knowlet, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Use this skill when analyzing stripped, packed, or statically linked Go malware or suspicious Go binaries and the goal is to recover build metadata, separate user logic from runtime noise, map packages and goroutine behavior, extract high-signal evidence, and produce defensible capability and next-step assessments. Use when the workflow should combine fast CLI triage (file, sha256, binwalk, strings, go version -m) with concrete `ida-pro-mcp` steps (`decompile`, `xrefs_to`, `find_regex`, `export_funcs`) or AI-assisted structured survey before deep reversing. Trigger on Go malware behavior reconstruction, goroutine-heavy samples, dispatcher or C2 handler hunting, or when symbol recovery is already done and analyst focus shifts to capabilities.
Use this skill when stripped, packed, or poorly labeled Go binaries need function names, package paths, build metadata, source layout clues, types, or interfaces recovered from build info, pclntab, moduledata, typelinks, or tool-specific metadata before deeper malware analysis. Use when triaging with binwalk/strings/go version -m/GoReSym/redress, when IDA or Ghidra shows too few strings versus strings(1), or when preparing concrete `ida-pro-mcp` rename and xref workflows for pclntab-anchored recovery.
Use this skill whenever an `ida-pro-mcp` server is connected and you need to drive IDA Pro efficiently for reverse engineering — structured "survey this binary" first passes, progressive deepening from big-picture to dispatcher-level detail, ready-to-paste `py_eval` helpers for `.rodata` string recovery, panic-path extraction, and pclntab discovery, and disciplined rules for when to `decompile`, `xrefs_to`, `find_regex`, `rename`, and `set_type`. Trigger on any task involving IDA MCP, IDA Pro workflows, stripped binary analysis when the disassembler is connected, or when an analyst asks Claude to "look at this IDB", "survey this binary", "find the dispatcher", or "recover symbols" with an IDA backend available. Complements `reverse-malware-triage`, `reverse-rust-malware`, `reverse-golang-symbol-recovery`, and `reverse-golang-malware`.
Use this skill to perform fast malware or suspicious binary triage, extract high-signal evidence, summarize capabilities, identify likely next pivots, and produce analyst-ready outputs.
Use this skill when analyzing stripped or static-linked Rust malware or suspicious Rust ELF binaries. Focus on string recovery, panic-path reconstruction, module-tree building, command-dispatch discovery, and protocol recovery.
Use this skill when reverse-engineering, sandbox, or threat-intel work has already reconstructed a malware or botnet control plane and the goal is to turn that evidence into ranked disruption, containment, sinkhole, monitoring, and coordination options without overstating what is actually feasible.
Use this skill when reverse-engineering, sandbox, or threat-intel evidence exposes build paths, usernames, typo fingerprints, version windows, cloud relays, wallets, contracts, peer infrastructure, or other operator traces and the goal is to pivot from malware artifacts to a defensible developer or operator attribution model with prioritized investigative actions.
Use this skill to reconstruct command flow, transport assumptions, message boundaries, field candidates, and encode/decode behavior from reverse-engineering evidence.
Use this skill to transform reverse-engineering notes into a concise, analyst-ready report with confidence labels, IOC sections, and prioritized next actions.