Live Workshop: Analyzing Real Malware with Claude Code and LimaCharlie (May 6)

In this hands-on workshop we will analyze an unknown binary, quickly extract indicators, and determine the binary’s core functionality. We’ll give Claude the LCRE (LimaCharlie Reverse Engineering) tool to accelerate analysis and interpretation by identifying configuration details, key behaviors, and any additional indicators useful for rule building. We’ll use this information to craft detection rules for this sample.

Next, we’ll execute the sample in a sandboxed VM to validate the detections against real runtime behavior. We’ll use what we observe to verify and tune our detection rules, reduce false positives, and uncover any additional behaviors or telemetry that improve coverage beyond the current indicators.

Attendees will walk away with an understanding of how to use Claude Code as a Security Operations accelerator while keeping human validation and defensible analysis at the core.
