ctf-malware

Solid

Provides malware analysis and network traffic techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom crypto protocols, C2 traffic, PE/.NET binaries, RC4/AES encrypted communications, YARA rules, shellcode analysis, memory forensics for malware (Volatility malfind, process injection detection), anti-analysis techniques (VM/sandbox detection, timing evasion, API hashing, process injection, environment checks), or extracting malware configurations and indicators of compromise.

Data & Documents 2,227 stars 274 forks Updated 4 weeks ago MIT

Quality Score: 97/100
Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# CTF Malware & Network Analysis

Quick reference for malware analysis CTF challenges. Each technique has a one-liner here; see supporting files for full details with code.

## Prerequisites

**Python packages (all platforms):**

```bash
pip install yara-python pefile capstone oletools unicorn pycryptodome \
  volatility3 dissect.cobaltstrike
```

**Linux (apt):**

```bash
apt install strace ltrace tshark binwalk binutils
```

**macOS (Homebrew):**

```bash
brew install wireshark binwalk binutils ghidra
```

**Manual install:**

- dnSpy — [GitHub](https://github.com/dnSpy/dnSpy), .NET decompiler (Windows)

## Additional Resources

- [scripts-and-obfuscation.md](scripts-and-obfuscation.md) - JavaScript deobfuscation, PowerShell analysis, eval/base64 decoding, junk code detection, hex payloads, Debian package analysis, dynamic analysis techniques (strace/ltrace, network monitoring, memory string extraction, automated sandbox execution), YARA rules for malware detection, shellcode analysis (Unicorn Engine, Capstone), memory forensics for malware (Volatility 3 malfind, process injection detection), anti-analysis techniques (VM detection, timing evasion, API hashing, process injection), trojanized plugin analysis with custom alphabet C2 decoding
- [c2-and-protocols.md](c2-and-protocols.md) - C2 traffic patterns, custom crypto protocols, RC4 WebSocket, DNS-based C2, network indicators, PCAP analysis, AES-CBC, encryption ID, Telegram bot recovery, Poison Ivy RAT Camellia decryption
- [p...

Details

Author
ljagiello
Repository
ljagiello/ctf-skills
Created
3 months ago
Last Updated
4 weeks ago
Language
Python
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Solid

ctf-forensics

Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.

2,227 Updated 4 weeks ago
ljagiello
AI & Automation Featured

analyzing-network-traffic-of-malware

Analyzes network traffic generated by malware during sandbox execution or live incident response to identify C2 protocols, data exfiltration channels, payload downloads, and lateral movement patterns using Wireshark, Zeek, and Suricata. Activates for requests involving malware network analysis, C2 traffic decoding, malware PCAP analysis, or network-based malware detection.

12,642 Updated today
mukul975
AI & Automation Listed

ctf-forensics

Use when solving CTF forensics challenges — disk images, memory dumps, PCAPs, log analysis, file carving, deleted file recovery, NTFS/ext4 artifacts. Triggers on "ctf forensics", "memory dump", "pcap analysis", "disk image", "file carving", "log forensics".

6 Updated today
26zl
AI & Automation Featured

analyzing-command-and-control-communication

Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures, data encoding, and infrastructure. Covers HTTP, HTTPS, DNS, and custom protocol C2 analysis for detection development and threat intelligence. Activates for requests involving C2 analysis, beacon detection, C2 protocol reverse engineering, or command-and-control infrastructure mapping.

12,642 Updated today
mukul975
AI & Automation Solid

ctf-crypto

Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.

2,227 Updated 4 weeks ago
ljagiello