Claude-skill-registry binary-reconnaissance

Initial reconnaissance on binaries including checksec, file analysis, strings, and symbols. First step for any new target.

install

source · Clone the upstream repo

git clone https://github.com/majiayu000/claude-skill-registry

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/binary-reconnaissance" ~/.claude/skills/majiayu000-claude-skill-registry-binary-reconnaissance && rm -rf "$T"

manifest: skills/data/binary-reconnaissance/SKILL.md

Binary Reconnaissance

First-look analysis of any new binary target. Run these checks before deeper analysis.

Checklist

File type:
```
file target
```
Security mitigations:
```
checksec target
```
Symbols:
```
nm target
```
or
```
readelf -s target
```

Strings:

strings target | grep -i flag\|win\|shell

Disassembly:
```
objdump -M intel -d target > target.asm
```

Checksec Interpretation

Protection	Enabled	Disabled	Bypass
NX	Can't execute shellcode on stack	Shellcode works	ROP, ret2libc
Canary	Stack smash detected	No protection	Leak canary, brute force
PIE	Addresses randomized	Fixed addresses	Leak code address
RELRO	GOT protected	GOT writable	Can't use GOT overwrite

Quick Wins to Look For

Functions named
```
win
```
,
```
get_flag
```
,
```
shell
```
,
```
backdoor
```
Strings containing
```
flag
```
,
```
/bin/sh
```
,
```
cat flag
```
```
system()
```
or
```
execve()
```
in PLT
No canary + no PIE = likely simple overflow

Output

Produce

context/binary-info.md

using the template.