analyzing-linux-elf-malware

Featured

Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Analyzing Linux ELF Malware

## When to Use

- A Linux server or container has been compromised and suspicious ELF binaries are found
- Analyzing Linux botnets (Mirai, Gafgyt, XorDDoS), cryptominers, or ransomware
- Investigating malware targeting cloud infrastructure, Docker containers, or Kubernetes pods
- Reverse engineering Linux rootkits and kernel modules
- Analyzing cross-platform malware compiled for Linux x86_64, ARM, or MIPS architectures

**Do not use** for Windows PE binary analysis; use PEStudio, Ghidra, or IDA for Windows malware.

## Prerequisites

- Ghidra or IDA with Linux ELF support for disassembly and decompilation
- Linux analysis VM (Ubuntu 22.04 recommended) with development tools installed
- strace, ltrace, and GDB for dynamic analysis and debugging
- readelf, objdump, and nm from GNU binutils for static inspection
- Radare2 for quick binary triage and scripted analysis
- Docker for isolated container-based malware execution

## Workflow

### Step 1: Identify ELF Binary Properties

Examine the ELF header and basic properties:

```bash
# File type identification
file suspect_binary

# Detailed ELF header analysis
readelf -h suspect_binary

# Section headers
readelf -S suspect_binary

# Program headers (segments)
readelf -l suspect_binary

# Symbol table (if not stripped)
readelf -s suspect_binary
nm suspect_binary 2>/dev/null

# Dynamic linking information
readelf -d suspect_binary
ldd suspect_binary 2>/dev/null  # Only on matching architecture!

# Co...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-firmware-malware-analysis

Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers, IoT devices, UEFI/BIOS, and embedded systems. Covers firmware extraction, filesystem analysis, binary reverse engineering, and bootkit detection. Activates for requests involving firmware security analysis, IoT malware investigation, UEFI rootkit detection, or embedded device compromise assessment.

12,642 Updated today
mukul975
AI & Automation Featured

analyzing-golang-malware-with-ghidra

Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.

12,642 Updated today
mukul975
Data & Documents Listed

binary-analysis

Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.

335 Updated today
aiskillstore
Data & Documents Solid

ctf-malware

Provides malware analysis and network traffic techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom crypto protocols, C2 traffic, PE/.NET binaries, RC4/AES encrypted communications, YARA rules, shellcode analysis, memory forensics for malware (Volatility malfind, process injection detection), anti-analysis techniques (VM/sandbox detection, timing evasion, API hashing, process injection, environment checks), or extracting malware configurations and indicators of compromise.

2,227 Updated 4 weeks ago
ljagiello
Data & Documents Listed

malware-analyst

Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.

335 Updated today
aiskillstore