A Claude Code skill for systematically reducing VirusTotal and EDR detection rates on compiled Go binaries through structural analysis, iterative A/B testing, and ML feature vector optimization.
A companion blog post will be linked here once published.
Modern EDR detections on Go binaries are dominated by statistical ML classifiers (e.g. Microsoft Wacatac.B!ml, ML.Attribute.HighConfidence, MalwareX-gen, Evo-gen) rather than fixed-byte YARA rules. Defeating an ML classifier is a fundamentally different problem from defeating a signature — renaming strings and swapping imports often makes detection worse, because the resulting binary diverges further from the vanilla toolchain baseline the classifier has learned as "normal."
This skill packages a disciplined methodology for that problem:
| File | Purpose |
|---|---|
| SKILL.md | The skill itself — methodology, prerequisites, phased workflow, and the core principles above. Load this into Claude Code. |
| pe_structural_analyzer.py | Standalone Python analyzer that extracts the full PE structural feature vector (sections, imports, exports, resources, gopclntab, entropy, etc.) and produces a baseline/delta JSON report. |
| references/pe-structural-analyzer.md | How to run the analyzer and interpret its output. |
| references/pe-structural-features.md | Catalog of structural features observed across vanilla vs. modified Go builds, noting which features actually correlate with detection. |
| references/experiment-categories.md | Catalog of experiment categories that have and have not worked in practice, including dead ends to avoid. |
Prerequisites:

- pefile and lief (a venv is recommended; on PEP 668 systems use --break-system-packages if you must install system-wide).
- A vanilla Go toolchain build of the same binary (GOOS=windows GOARCH=amd64 go build) for delta comparison.

Usage: drop SKILL.md, pe_structural_analyzer.py, and the references/ directory into a location Claude Code can read as a skill, then invoke the workflow when you have a high-detection binary you need to bring down. The skill walks through baseline collection, structural analysis, hypothesis selection, and per-experiment A/B testing.
This is a defensive-research and authorized-engagement tool published by Praetorian to share methodology for understanding how modern ML-based EDR classifiers respond to changes in compiled binaries. It is intended for use on binaries you are authorized to test, in the context of red-team engagements, detection-engineering research, and toolchain hardening.
Apache License 2.0 — see LICENSE.