
anti-reversing-techniques skill


This skill helps you analyze protected binaries under authorization, document scope, and extract defensive insights without enabling misuse.

This is most likely a fork of the anti-reversing-techniques skill from xfstudio
npx playbooks add skill sickn33/antigravity-awesome-skills --skill anti-reversing-techniques

---
name: anti-reversing-techniques
description: Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.
---

> **AUTHORIZED USE ONLY**: This skill contains dual-use security techniques. Before proceeding with any bypass or analysis:
> 1. **Verify authorization**: Confirm you have explicit written permission from the software owner, or are operating within a legitimate security context (CTF, authorized pentest, malware analysis, security research)
> 2. **Document scope**: Ensure your activities fall within the defined scope of your authorization
> 3. **Legal compliance**: Understand that unauthorized bypassing of software protection may violate laws (CFAA, DMCA anti-circumvention, etc.)
>
> **Legitimate use cases**: Malware analysis, authorized penetration testing, CTF competitions, academic security research, analyzing software you own/have rights to

## Use this skill when

- Analyzing protected binaries with explicit authorization
- Conducting malware analysis or security research in scope
- Participating in CTFs or approved training exercises
- Understanding anti-debugging or obfuscation techniques for defense

## Do not use this skill when

- You lack written authorization or a defined scope
- The goal is to bypass protections for piracy or misuse
- Legal or policy restrictions prohibit analysis

## Instructions

1. Confirm written authorization, scope, and legal constraints.
2. Identify protection mechanisms and choose safe analysis methods.
3. Document findings and avoid modifying artifacts unnecessarily.
4. Provide defensive recommendations and mitigation guidance.

## Safety

- Do not share bypass steps outside the authorized context.
- Preserve evidence and maintain chain-of-custody for malware cases.

Refer to `resources/implementation-playbook.md` for detailed techniques and examples.

## Resources

- `resources/implementation-playbook.md` for detailed techniques and examples.

Overview

This skill helps you identify and reason about anti-reversing, obfuscation, and protection techniques encountered during software analysis. It is designed for authorized analysts to recognize protections, choose safe analysis methods, and produce defensible findings and mitigations. Use it only when you have explicit permission and a defined scope.

How this skill works

The skill inspects binaries and analysis artifacts to classify protection mechanisms such as packers, anti-debugging checks, virtualization/VM-based obfuscation, code obfuscators, integrity checks, and runtime protections. It guides selection of non-destructive analysis approaches (static triage, sandboxing, controlled dynamic tracing) and documents how protections affect instrumentation, debugging, and evidence handling. The skill outputs clear findings and actionable defensive recommendations without providing unauthorized bypass recipes.

When to use it

  • Analyzing protected binaries with explicit written authorization
  • Conducting malware analysis, incident response, or security research in-scope
  • Participating in CTFs or approved training exercises involving protected challenges
  • Assessing software protection to improve defensive controls and secure development
  • Preparing reports that require classification of protection techniques and impact

Best practices

  • Verify and document written authorization, scope, and legal constraints before analysis
  • Prefer non-invasive triage: static signatures, entropy checks, and metadata before runtime changes
  • Isolate dynamic analysis in controlled sandboxes or air-gapped environments
  • Preserve original artifacts and maintain chain-of-custody for malware or legal contexts
  • Focus on defensive recommendations and mitigation rather than publishing bypass steps
  • Log tools, timestamps, and configuration details to support reproducibility and audit
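
The non-invasive triage named in the best practices above (entropy checks and section metadata, read without executing anything), as an added example that is not part of the skill or its playbook. The 7.2 bits/byte threshold, the flag labels and the sample image built by `build_sample` are assumptions constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

EXEC, WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE
THRESHOLD = 7.2                        # assumed cut-off in bits/byte; tune to your baseline

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_sections(pe: bytes) -> dict:
    """Read-only walk of the PE section table; maps section name to (entropy, flags)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # COFF header: Machine, NumberOfSections, 3 x DWORD, SizeOfOptionalHeader, Characteristics
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table, report = e_lfanew + 24 + opt_size, {}
    for i in range(count):
        name, vsize, _, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        entropy = shannon_entropy(pe[rptr:rptr + rsize])
        checks = (("high-entropy", entropy >= THRESHOLD),
                  ("no-raw-data", rsize == 0 and vsize > 0),   # populated only at run time
                  ("writable+executable", chars & EXEC and chars & WRITE))
        flags = [label for label, hit in checks if hit]
        report[name.rstrip(b"\0").decode("ascii", "replace")] = (round(entropy, 2), flags)
    return report

def build_sample() -> bytes:
    """Constructed, non-functional PE skeleton (sample input, not a real binary)."""
    plain = b"\x55\x8b\xec\x90" * 256                                  # repetitive bytes
    dense = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    img = bytearray(0x200)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                            # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x14C, 3)                       # Machine, NumberOfSections
    rows = [(b".text", len(plain), 0x200, len(plain), EXEC),
            (b".data0", len(dense), 0x600, len(dense), EXEC),
            (b".stub", 0x8000, 0, 0, EXEC | WRITE)]
    for i, (name, vsize, rptr, rsize, chars) in enumerate(rows):
        struct.pack_into("<8sIIIIIIHHI", img, 0x58 + 40 * i,
                         name, vsize, 0x1000 * (i + 1), rsize, rptr, 0, 0, 0, 0, chars)
    return bytes(img) + plain + dense

if __name__ == "__main__":
    print(triage_sections(build_sample()))
```

A flagged section is a reason to classify the sample as possibly packed and record that in the findings, not proof: compressed resources and embedded certificates also score near 8 bits per byte.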

Example use cases

  • Triage a suspicious executable to determine if it uses packing or runtime obfuscation
  • Assess anti-debugging measures that interfere with authorized reverse engineering for vulnerability research
  • Document protections and propose hardening steps for a proprietary application
  • Support incident response by classifying malware protections and advising safe analysis practices
  • Train junior analysts on recognizing obfuscation patterns without demonstrating circumvention

FAQ

Is it legal to use this skill on any binary?

No. Only analyze binaries when you have explicit written permission, are operating in an approved environment (CTF, lab, authorized pentest), or own the software; unauthorized bypassing may violate laws.

Will this skill provide step-by-step bypass instructions?

No. The emphasis is on identification, safe analysis methods, and defensive guidance. It does not provide exploitative or circumvention procedures outside authorized contexts.