Malcat now embeds an MCP server in its GUI. Simply start it with <Ctrl+M> and you can interact with your current analysis. It's there for all Malcat versions, including the free one! Here, I used Claude to do a first pass of function+variables renaming for an unknown malware, focusing on the C2 dispatcher function and C2 commands. While LLMs can always make mistakes, this helps to prioritize what to reverse first. Pretty neat!
Malcat
Computer and Network Security
Professional binary analysis software for malware analysis
About us
Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect 40+ binary file formats, disassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface. Don't like what you get? Malcat is also heavily customizable and scriptable using python.
- Website: https://malcat.fr
- Industry: Computer and Network Security
- Company size: 1 employee
- Headquarters: Lyon
- Type: Self-Owned
- Founded: 2022
- Specialties: malware and reverse engineering
Products
Malcat - the binary file dissector
Static Code Analysis Tools
Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, disassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface. Don't like what you get? Malcat is also heavily customizable and scriptable using python.
Locations
- Primary: Lyon, FR
Updates
-
Want to do some quality LLM-assisted triage too? Register Malcat's headless MCP server with Claude:
claude mcp add --transport stdio malcat -- python <malcat install dir>/bin/malcat.mcp.py
Then ask Claude to analyse a file path using malcat and observe the magic! You'll notice that thanks to Malcat's file carving, anomalies and function signatures, the LLM agent goes relatively fast to the point. Want to go farther? Your LLM can leverage Malcat's transforms to statically unpack (relatively simple) malware!
-
We're happy to announce that #malcat 0.9.13 is out! What you'll find:
● A new, long-awaited, Apple-silicon MacOS port!
● Two integrated MCP servers (in-GUI + headless) for easy automated triage at scale
● And an improved interface with dark mode for Windows and a new dynamic pane layout system
https://lnkd.in/duFp9ssv
-
If you're a #REMnux user, I'm happy to let you know that Malcat Lite has been added to the REMnux distribution: https://lnkd.in/dcFcbri3
-
Malcat reposted this
When you're starting out in malware analysis, it’s easy to think of strings as just "being there." But as you advance in your skills and understanding, you realize they are part of a complex structure laid out by compilers and structured according to file formats. In my latest video, we move beyond simple extraction to look at how they are stored and how programs access them (often through pointers). We’re diving into: 📍 The Role of Pointers: Why what you see in disassembly is actually an address pointing somewhere else entirely. 🧩 Compiler Alignment: Explaining that "noise" and those extra null bytes—it's not junk; it’s performance-based alignment. 🔍 Finding 'Main': A practical walkthrough in Malcat to see beyond the compiler’s runtime noise and find the author’s unique code. Watch lesson 4 on YouTube: https://lnkd.in/gFWcKEhA
Navigating the Binary: Data vs. Pointers | Strings & Imports | Lesson 4
-
Sometimes, the absence of a signature match is also interesting. Here the #Chrysalis sideloaded dll, where we can quickly spot the few interesting functions. Make sure to check "Show UNK"!
-
#malcat 0.9.12 is out! Enjoy .pyc and .net stack analysis, py 3.14 support, nuitka / inno 6.7 / .net singlefile bundle parsers and many other improvements: https://lnkd.in/dPhUhuKW
-
Malcat reposted this
Did an entire tool review on Malcat, and what are my thoughts: Do note this is coming from the perspective of a beginner. I'm not yet someone who has the experience to use the tool to its full potential, but I will soon. Credits to the developers of Malcat for building such a fantastic tool! Looking forward to seeing what the tool is like when it is out of beta! My substack post: https://lnkd.in/gbqyukzZ