aeondave/x64dbg
offensive-tools/re/x64dbg/SKILL.md
User-mode debugger for Windows x64/x86 with plugin ecosystem for malware analysis, unpacking, and vulnerability research. Use when dynamically analyzing PE malware, unpacking obfuscated executables, or tracing Windows API calls.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill x64dbgInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 9:23 PM57.8s1 file scanned
SKILL.md
- name:
- x64dbg
- description:
- User-mode debugger for Windows x64/x86 with plugin ecosystem for malware analysis, unpacking, and vulnerability research. Use when dynamically analyzing PE malware, unpacking obfuscated executables, or tracing Windows API calls.
- license:
- MIT
- compatibility:
- Windows x86/x64; GUI; x64dbg.com
- author:
- AeonDave
- version:
- 1.0
x64dbg
Windows debugger for dynamic malware analysis, unpacking, and API tracing.
Quick Start
- Download from x64dbg.com → extract → run
x96dbg.exe(launcher auto-selects x32/x64) - File > Open → target executable
- Set breakpoint:
F2on instruction, orbp CreateRemoteThread - Run:
F9| Step over:F8| Step into:F7 - Plugins: load ScyllaHide (anti-anti-debug), xAnalyzer
Key Panels
| Panel | Purpose | |-------|---------| | CPU | Disassembly + registers + stack + hex | | Log | API calls, plugin output | | Breakpoints | Manage all BPs | | Memory Map | Virtual memory regions | | References | XREFs to selected | | Symbols | Module imports/exports |
Common Commands
| Action | Key / Command |
|--------|--------------|
| Run / Pause | F9 |
| Step Over | F8 |
| Step Into | F7 |
| Execute till return | Ctrl+F9 |
| Set breakpoint | F2 |
| Breakpoint on API | bp VirtualAlloc in command bar |
| Follow in dump | Ctrl+D on address |
| Search strings | Ctrl+F in disassembly |
Common Workflows
Unpack malware:
- Open sample → run until OEP (watch for
jmp eax/raxafter decryption loop) - Dump process with Scylla plugin → fix imports → save
Find C2 callback:
bp WS2_32.connect
bp WS2_32.send
F9 → examine stack args
Resources
| File | When to load |
|------|--------------|
| references/ | Plugin list and unpack methodology |
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026