Example Usage
$ capa.exe suspicious.exe
+--------------------+------------------------------------------------------------------------+
| ATT&CK Tactic      | ATT&CK Technique                                                       |
|--------------------+------------------------------------------------------------------------|
| DEFENSE EVASION    | Obfuscated Files or Information [T1027]                                |
| DISCOVERY          | Query Registry [T1012]                                                 |
|                    | System Information Discovery [T1082]                                   |
| EXECUTION          | Command and Scripting Interpreter::Windows Command Shell [T1059.003]   |
|                    | Shared Modules [T1129]                                                 |
| EXFILTRATION       | Exfiltration Over C2 Channel [T1041]                                   |
| PERSISTENCE        | Create or Modify System Process::Windows Service [T1543.003]           |
+--------------------+------------------------------------------------------------------------+
+-------------------------------------------+-------------------------------------------------+
| CAPABILITY
See also
ret-sync
Open Source
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2…
xAnalyzer
Open Source
…
AAIdrive
Open Source
Implementations of some Android Auto features as unofficial IDrive apps…
Radare2
Open Source
Kali
Portable reversing framework that includes a hex editor, disassembler, debugger, scripting engine (r…
horus
Open Source
An OSINT / digital forensics tool built in Python…
NETReactorSlayer
Open Source
An open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor…