@aegis-scan/skills 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (346) hide show
  1. package/ATTRIBUTION.md +93 -0
  2. package/package.json +1 -1
  3. package/sbom.cdx.json +1 -0
  4. package/skills/compliance/aegis-native/brutaler-anwalt/.claude-plugin/plugin.json +108 -0
  5. package/skills/compliance/aegis-native/brutaler-anwalt/CHANGELOG.md +878 -0
  6. package/skills/compliance/aegis-native/brutaler-anwalt/HANDOVER-LO-LIVE-VERIFICATION-2026-05-15.md +187 -0
  7. package/skills/compliance/aegis-native/brutaler-anwalt/README.md +9 -3
  8. package/skills/compliance/aegis-native/brutaler-anwalt/SKILL.md +93 -14
  9. package/skills/compliance/aegis-native/brutaler-anwalt/commands/audit.md +193 -0
  10. package/skills/compliance/aegis-native/brutaler-anwalt/commands/avv-redline.md +246 -0
  11. package/skills/compliance/aegis-native/brutaler-anwalt/commands/az-verify.md +155 -0
  12. package/skills/compliance/aegis-native/brutaler-anwalt/commands/cold-start.md +157 -0
  13. package/skills/compliance/aegis-native/brutaler-anwalt/commands/dsar-respond.md +180 -0
  14. package/skills/compliance/aegis-native/brutaler-anwalt/commands/health.md +50 -0
  15. package/skills/compliance/aegis-native/brutaler-anwalt/commands/simulate.md +158 -0
  16. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/post_write.py +315 -0
  17. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/prompt_submit.py +144 -0
  18. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/session_start.py +57 -0
  19. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/triggers.json +191 -0
  20. package/skills/compliance/aegis-native/brutaler-anwalt/references/INDEX.md +102 -0
  21. package/skills/compliance/aegis-native/brutaler-anwalt/references/abmahn-templates.md +1 -1
  22. package/skills/compliance/aegis-native/brutaler-anwalt/references/aegis-integration.md +60 -5
  23. package/skills/compliance/aegis-native/brutaler-anwalt/references/audit-patterns.md +745 -11
  24. package/skills/compliance/aegis-native/brutaler-anwalt/references/az-auffuellung-batch1.md +468 -0
  25. package/skills/compliance/aegis-native/brutaler-anwalt/references/bgh-urteile.md +106 -30
  26. package/skills/compliance/aegis-native/brutaler-anwalt/references/branchenrecht.md +247 -2
  27. package/skills/compliance/aegis-native/brutaler-anwalt/references/checklisten.md +75 -2
  28. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-aufsichtsbehoerden-taetigkeitsberichte-2024.md +310 -0
  29. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-bussgeld-argumentations-layer.md +598 -0
  30. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-dsk-beschluesse.md +346 -0
  31. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AGG/audit-relevance.md +76 -0
  32. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AGG/paragraphs.md +115 -0
  33. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AMG/audit-relevance.md +58 -0
  34. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AMG/paragraphs.md +95 -0
  35. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ArbZG/audit-relevance.md +60 -0
  36. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ArbZG/paragraphs.md +90 -0
  37. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/BetrVG/audit-relevance.md +73 -0
  38. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/BetrVG/paragraphs.md +114 -0
  39. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DDG/audit-relevance.md +72 -0
  40. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DDG/paragraphs.md +103 -0
  41. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DiGAV/audit-relevance.md +65 -0
  42. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DiGAV/paragraphs.md +102 -0
  43. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ElektroG/audit-relevance.md +66 -0
  44. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ElektroG/paragraphs.md +108 -0
  45. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/FernUSG/audit-relevance.md +80 -0
  46. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/FernUSG/paragraphs.md +102 -0
  47. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GeschGehG/audit-relevance.md +89 -0
  48. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GeschGehG/paragraphs.md +107 -0
  49. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GwG/audit-relevance.md +62 -0
  50. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GwG/paragraphs.md +119 -0
  51. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HWG/audit-relevance.md +70 -0
  52. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HWG/paragraphs.md +125 -0
  53. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HinSchG/audit-relevance.md +70 -0
  54. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HinSchG/paragraphs.md +116 -0
  55. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/INDEX.md +152 -0
  56. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/KWG/audit-relevance.md +64 -0
  57. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/KWG/paragraphs.md +110 -0
  58. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/LFGB/audit-relevance.md +63 -0
  59. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/LFGB/paragraphs.md +90 -0
  60. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/MPDG/audit-relevance.md +61 -0
  61. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/MPDG/paragraphs.md +96 -0
  62. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/NachwG/audit-relevance.md +54 -0
  63. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/NachwG/paragraphs.md +82 -0
  64. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/PAngV/audit-relevance.md +76 -0
  65. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/PAngV/paragraphs.md +86 -0
  66. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/RDG/audit-relevance.md +84 -0
  67. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/RDG/paragraphs.md +114 -0
  68. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/TDDDG/audit-relevance.md +92 -0
  69. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/TDDDG/paragraphs.md +91 -0
  70. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/UrhG-UrhDaG/audit-relevance.md +85 -0
  71. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/UrhG-UrhDaG/paragraphs.md +166 -0
  72. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VDuG/audit-relevance.md +71 -0
  73. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VDuG/paragraphs.md +102 -0
  74. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VERIFICATION-NOTES.md +111 -0
  75. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VVG/audit-relevance.md +65 -0
  76. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VVG/paragraphs.md +101 -0
  77. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VerpackG/audit-relevance.md +62 -0
  78. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VerpackG/paragraphs.md +120 -0
  79. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/WpHG/audit-relevance.md +64 -0
  80. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/WpHG/paragraphs.md +120 -0
  81. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ZAG/audit-relevance.md +68 -0
  82. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ZAG/paragraphs.md +110 -0
  83. package/skills/compliance/aegis-native/brutaler-anwalt/references/dsgvo.md +55 -8
  84. package/skills/compliance/aegis-native/brutaler-anwalt/references/eu-edpb-guidelines.md +505 -0
  85. package/skills/compliance/aegis-native/brutaler-anwalt/references/eu-eugh-dsgvo-schadensersatz.md +223 -0
  86. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BDSG/audit-relevance.md +31 -0
  87. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BFSG/audit-relevance.md +39 -0
  88. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BGB/audit-relevance.md +42 -0
  89. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/DDG/audit-relevance.md +28 -0
  90. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/DSGVO/audit-relevance.md +35 -0
  91. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/articles.md +4 -1
  92. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/audit-relevance.md +139 -0
  93. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/gpai-pflichten.md +102 -0
  94. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/hochrisiko-annex-iii.md +134 -0
  95. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/sanktionen-art-99.md +97 -0
  96. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/transparenz-art-50.md +120 -0
  97. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/uebergangsfristen.md +109 -0
  98. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CER-2022-2557/articles.md +42 -0
  99. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CRA-2024-2847/articles.md +87 -0
  100. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CSDDD-2024-1760/articles.md +43 -0
  101. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CSRD-2022-2464/articles.md +42 -0
  102. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DGA-2022-868/articles.md +53 -0
  103. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DMA-2022-1925/articles.md +55 -0
  104. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DORA-2022-2554/articles.md +164 -0
  105. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DORA-2022-2554/audit-relevance.md +86 -0
  106. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/articles.md +3 -0
  107. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/audit-relevance.md +110 -0
  108. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/notice-and-action.md +138 -0
  109. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/small-platform-pflichten.md +109 -0
  110. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/trusted-flaggers.md +77 -0
  111. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/vlop-vlose.md +130 -0
  112. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/Data-Act-2023-2854/articles.md +102 -0
  113. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/Data-Act-2023-2854/audit-relevance.md +77 -0
  114. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/MiCA-2023-1114/articles.md +124 -0
  115. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/MiCA-2023-1114/audit-relevance.md +85 -0
  116. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/NIS2-2022-2555/articles.md +101 -0
  117. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/ProdHaftRL-2024-2853/articles.md +68 -0
  118. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/eIDAS-2024-1183/articles.md +43 -0
  119. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/KWG.md +52 -0
  120. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/PSD2.md +67 -0
  121. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/ZAG.md +50 -0
  122. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/GlueStV/articles.md +86 -0
  123. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/HGB-AO/audit-relevance.md +27 -0
  124. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/HinSchG/articles.md +96 -0
  125. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/JuSchG-JMStV/articles.md +86 -0
  126. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/KritisDachG/articles.md +39 -0
  127. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/LkSG/articles.md +90 -0
  128. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/DiGAV.md +60 -0
  129. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/IVDR-2017-746.md +51 -0
  130. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/MDR-2017-745.md +85 -0
  131. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/NIS2UmsuCG-BSIG/articles.md +53 -0
  132. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/StGB/relevante-paragraphen.md +157 -0
  133. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TDDDG/audit-relevance.md +33 -0
  134. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TDDDG/paragraphs.md +3 -2
  135. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TKG/articles.md +73 -0
  136. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/UWG/audit-relevance.md +39 -0
  137. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/UWG/paragraphs.md +71 -3
  138. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/VERIFICATION-STATUS.md +266 -0
  139. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/VSBG/audit-relevance.md +37 -0
  140. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/ePrivacy-RL-2002-58/articles.md +92 -0
  141. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/ePrivacy-RL-2002-58/audit-relevance.md +62 -0
  142. package/skills/compliance/aegis-native/brutaler-anwalt/references/it-recht.md +115 -9
  143. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/INDEX.md +1 -1
  144. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/ai/anthropic-dpa.md +87 -0
  145. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/cookie-banner-pattern.md +202 -0
  146. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/dse-section-pattern.md +198 -0
  147. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/tracking-server-endpoint.md +193 -0
  148. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/auth/auth0-tom.md +92 -0
  149. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/auth/clerk-tom.md +84 -0
  150. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/auth-cookies-pattern.md +295 -0
  151. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/cookie-banner-pattern.md +318 -0
  152. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/gdpr-cleanup-celery.md +339 -0
  153. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/cookie-banner-pattern.md +237 -0
  154. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/gdpr-routes-pattern.md +256 -0
  155. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/helmet-csp-pattern.md +207 -0
  156. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/agb-versioning-pattern.md +305 -0
  157. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/cookie-banner-pattern.md +287 -0
  158. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/gdpr-models-pattern.md +290 -0
  159. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/tracking-config-pattern.md +263 -0
  160. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/auth-pattern.md +265 -0
  161. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/cookie-banner-pattern.md +255 -0
  162. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/gdpr-cleanup-cron.md +244 -0
  163. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/tracking-interceptor.md +239 -0
  164. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/api-route-bearer-auth.md +103 -0
  165. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/dynamic-rendering-headers.md +83 -0
  166. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/env-driven-tracking.md +135 -0
  167. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/cookie-banner-pattern.md +294 -0
  168. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/devise-dsgvo-pattern.md +262 -0
  169. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/gdpr-anonymization-pattern.md +283 -0
  170. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/react/consent-gate-pattern.md +99 -0
  171. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/react/cookie-banner-pattern.md +204 -0
  172. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/strapi/cms-pii-pattern.md +301 -0
  173. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/strapi/notice-and-action-plugin.md +371 -0
  174. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/cookie-banner-pattern.md +234 -0
  175. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/dse-section-pattern.md +231 -0
  176. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/sveltekit-server-hooks-pattern.md +217 -0
  177. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/tracking/google-analytics-consent.md +129 -0
  178. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/tracking/posthog-consent.md +79 -0
  179. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/cookie-banner-pattern.md +208 -0
  180. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/dse-i18n-pattern.md +204 -0
  181. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/nuxt-vs-vue-only-pattern.md +197 -0
  182. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/tracking-pinia-pattern.md +211 -0
  183. package/skills/compliance/aegis-native/brutaler-anwalt/references/strafrecht-steuer.md +1 -1
  184. package/skills/compliance/aegis-native/brutaler-anwalt/references/streitwerte.json +176 -0
  185. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/DSFA-template.md +80 -0
  186. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/VVT-template-file-upload.md +98 -0
  187. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-EN-international.md +267 -0
  188. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-Audit-Klausel-Varianten.md +148 -0
  189. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-CH-revDSG.md +127 -0
  190. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-SCC-module2-controller-processor.md +180 -0
  191. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-SCC-module3-processor-subprocessor.md +144 -0
  192. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-Sub-Processor-List.md +114 -0
  193. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-TOMs.md +197 -0
  194. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-UK-IDTA.md +131 -0
  195. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-standard-DE.md +288 -0
  196. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/Joint-Controller-Vertrag-Art-26.md +265 -0
  197. package/skills/compliance/aegis-native/brutaler-anwalt/scripts/health-check.sh +190 -48
  198. package/skills/compliance/aegis-native/brutaler-anwalt/scripts/test-triggers.sh +145 -0
  199. package/skills/compliance/aegis-native/brutaler-anwalt/settings.json +90 -0
  200. package/skills/defensive/permoon-fork/README.md +40 -0
  201. package/skills/defensive/permoon-fork/multi-model-consolidation/SKILL.md +47 -0
  202. package/skills/defensive/permoon-fork/multi-model-severity/SKILL.md +34 -0
  203. package/skills/defensive/permoon-fork/multi-model-system-prompt/SKILL.md +40 -0
  204. package/skills/foundation/aegis-native/aegis-handover-writer/SKILL.md +1 -1
  205. package/skills/foundation/aegis-native/aegis-quality-gates/SKILL.md +1 -1
  206. package/skills/offensive/airecon-fork/ctf-crypto/SKILL.md +260 -0
  207. package/skills/offensive/airecon-fork/ctf-crypto-modern-ciphers/SKILL.md +688 -0
  208. package/skills/offensive/airecon-fork/ctf-forensics/SKILL.md +253 -0
  209. package/skills/offensive/airecon-fork/ctf-forensics-network/SKILL.md +480 -0
  210. package/skills/offensive/airecon-fork/ctf-heap-advanced/SKILL.md +336 -0
  211. package/skills/offensive/airecon-fork/ctf-pwn/SKILL.md +294 -0
  212. package/skills/offensive/airecon-fork/ctf-pwn-rop-and-shellcode/SKILL.md +392 -0
  213. package/skills/offensive/airecon-fork/ctf-reversing/SKILL.md +284 -0
  214. package/skills/offensive/airecon-fork/frameworks-django/SKILL.md +268 -0
  215. package/skills/offensive/airecon-fork/frameworks-dotnet/SKILL.md +280 -0
  216. package/skills/offensive/airecon-fork/frameworks-express/SKILL.md +266 -0
  217. package/skills/offensive/airecon-fork/frameworks-fastapi/SKILL.md +193 -0
  218. package/skills/offensive/airecon-fork/frameworks-flask/SKILL.md +297 -0
  219. package/skills/offensive/airecon-fork/frameworks-laravel/SKILL.md +260 -0
  220. package/skills/offensive/airecon-fork/frameworks-nextjs/SKILL.md +230 -0
  221. package/skills/offensive/airecon-fork/frameworks-php/SKILL.md +271 -0
  222. package/skills/offensive/airecon-fork/frameworks-rails/SKILL.md +269 -0
  223. package/skills/offensive/airecon-fork/frameworks-spring/SKILL.md +245 -0
  224. package/skills/offensive/airecon-fork/frameworks-wordpress/SKILL.md +348 -0
  225. package/skills/offensive/airecon-fork/payloads-command-injection/SKILL.md +459 -0
  226. package/skills/offensive/airecon-fork/payloads-http-parameter-pollution/SKILL.md +129 -0
  227. package/skills/offensive/airecon-fork/payloads-ldap-injection/SKILL.md +100 -0
  228. package/skills/offensive/airecon-fork/payloads-lfi/SKILL.md +485 -0
  229. package/skills/offensive/airecon-fork/payloads-sqli/SKILL.md +419 -0
  230. package/skills/offensive/airecon-fork/payloads-ssrf/SKILL.md +125 -0
  231. package/skills/offensive/airecon-fork/payloads-ssti/SKILL.md +443 -0
  232. package/skills/offensive/airecon-fork/payloads-xss/SKILL.md +447 -0
  233. package/skills/offensive/airecon-fork/payloads-xxe/SKILL.md +172 -0
  234. package/skills/offensive/airecon-fork/postexploit-ad-credential-attacks/SKILL.md +306 -0
  235. package/skills/offensive/airecon-fork/postexploit-container-escape/SKILL.md +299 -0
  236. package/skills/offensive/airecon-fork/postexploit-credential-dumping/SKILL.md +249 -0
  237. package/skills/offensive/airecon-fork/postexploit-lateral-movement/SKILL.md +194 -0
  238. package/skills/offensive/airecon-fork/postexploit-linux-privesc/SKILL.md +252 -0
  239. package/skills/offensive/airecon-fork/postexploit-netexec-workflow/SKILL.md +302 -0
  240. package/skills/offensive/airecon-fork/postexploit-pivoting/SKILL.md +205 -0
  241. package/skills/offensive/airecon-fork/postexploit-windows-privesc/SKILL.md +210 -0
  242. package/skills/offensive/airecon-fork/protocols-active-directory/SKILL.md +314 -0
  243. package/skills/offensive/airecon-fork/protocols-dns/SKILL.md +203 -0
  244. package/skills/offensive/airecon-fork/protocols-ftp/SKILL.md +159 -0
  245. package/skills/offensive/airecon-fork/protocols-graphql/SKILL.md +648 -0
  246. package/skills/offensive/airecon-fork/protocols-kerberos/SKILL.md +168 -0
  247. package/skills/offensive/airecon-fork/protocols-ldap/SKILL.md +245 -0
  248. package/skills/offensive/airecon-fork/protocols-rdp/SKILL.md +186 -0
  249. package/skills/offensive/airecon-fork/protocols-smb/SKILL.md +191 -0
  250. package/skills/offensive/airecon-fork/protocols-smtp-imap/SKILL.md +263 -0
  251. package/skills/offensive/airecon-fork/protocols-snmp/SKILL.md +147 -0
  252. package/skills/offensive/airecon-fork/protocols-ssh/SKILL.md +287 -0
  253. package/skills/offensive/airecon-fork/reconnaissance-asn-whois-osint/SKILL.md +236 -0
  254. package/skills/offensive/airecon-fork/reconnaissance-ctf-methodology/SKILL.md +435 -0
  255. package/skills/offensive/airecon-fork/reconnaissance-dorking/SKILL.md +182 -0
  256. package/skills/offensive/airecon-fork/reconnaissance-exposed-devtools-detection/SKILL.md +513 -0
  257. package/skills/offensive/airecon-fork/reconnaissance-full-recon/SKILL.md +305 -0
  258. package/skills/offensive/airecon-fork/reconnaissance-internal-pentest/SKILL.md +202 -0
  259. package/skills/offensive/airecon-fork/reconnaissance-javascript-analysis/SKILL.md +167 -0
  260. package/skills/offensive/airecon-fork/reconnaissance-js-internal-hostname-intelligence/SKILL.md +391 -0
  261. package/skills/offensive/airecon-fork/reconnaissance-monitoring-secrets-exposure/SKILL.md +394 -0
  262. package/skills/offensive/airecon-fork/reconnaissance-shodan-censys/SKILL.md +279 -0
  263. package/skills/offensive/airecon-fork/reconnaissance-subdomain-enum/SKILL.md +952 -0
  264. package/skills/offensive/airecon-fork/technologies-cicd-attacks/SKILL.md +283 -0
  265. package/skills/offensive/airecon-fork/technologies-cloud-security/SKILL.md +299 -0
  266. package/skills/offensive/airecon-fork/technologies-docker-container/SKILL.md +266 -0
  267. package/skills/offensive/airecon-fork/technologies-elasticsearch/SKILL.md +226 -0
  268. package/skills/offensive/airecon-fork/technologies-firebase-firestore/SKILL.md +213 -0
  269. package/skills/offensive/airecon-fork/technologies-frida-hooking/SKILL.md +387 -0
  270. package/skills/offensive/airecon-fork/technologies-gitlab-github/SKILL.md +259 -0
  271. package/skills/offensive/airecon-fork/technologies-jenkins/SKILL.md +256 -0
  272. package/skills/offensive/airecon-fork/technologies-kubernetes-pentest/SKILL.md +281 -0
  273. package/skills/offensive/airecon-fork/technologies-memcached/SKILL.md +230 -0
  274. package/skills/offensive/airecon-fork/technologies-mobile-app-pentesting/SKILL.md +105 -0
  275. package/skills/offensive/airecon-fork/technologies-mongodb/SKILL.md +257 -0
  276. package/skills/offensive/airecon-fork/technologies-nginx-apache/SKILL.md +280 -0
  277. package/skills/offensive/airecon-fork/technologies-observability-stack-attacks/SKILL.md +501 -0
  278. package/skills/offensive/airecon-fork/technologies-redis/SKILL.md +236 -0
  279. package/skills/offensive/airecon-fork/technologies-supabase/SKILL.md +270 -0
  280. package/skills/offensive/airecon-fork/technologies-tomcat/SKILL.md +232 -0
  281. package/skills/offensive/airecon-fork/tools-advanced-fuzzing/SKILL.md +351 -0
  282. package/skills/offensive/airecon-fork/tools-browser-automation/SKILL.md +300 -0
  283. package/skills/offensive/airecon-fork/tools-caido/SKILL.md +776 -0
  284. package/skills/offensive/airecon-fork/tools-code-review/SKILL.md +71 -0
  285. package/skills/offensive/airecon-fork/tools-dalfox/SKILL.md +189 -0
  286. package/skills/offensive/airecon-fork/tools-hashcat-john/SKILL.md +258 -0
  287. package/skills/offensive/airecon-fork/tools-impacket/SKILL.md +227 -0
  288. package/skills/offensive/airecon-fork/tools-install/SKILL.md +202 -0
  289. package/skills/offensive/airecon-fork/tools-metasploit/SKILL.md +270 -0
  290. package/skills/offensive/airecon-fork/tools-nmap/SKILL.md +211 -0
  291. package/skills/offensive/airecon-fork/tools-nuclei/SKILL.md +175 -0
  292. package/skills/offensive/airecon-fork/tools-reporting/SKILL.md +47 -0
  293. package/skills/offensive/airecon-fork/tools-scripting/SKILL.md +1939 -0
  294. package/skills/offensive/airecon-fork/tools-semgrep/SKILL.md +202 -0
  295. package/skills/offensive/airecon-fork/tools-source-audit/SKILL.md +308 -0
  296. package/skills/offensive/airecon-fork/tools-sqlmap/SKILL.md +137 -0
  297. package/skills/offensive/airecon-fork/tools-tool-catalog/SKILL.md +320 -0
  298. package/skills/offensive/airecon-fork/tools-wapiti/SKILL.md +293 -0
  299. package/skills/offensive/airecon-fork/vulnerabilities-2fa-bypass/SKILL.md +219 -0
  300. package/skills/offensive/airecon-fork/vulnerabilities-account-takeover/SKILL.md +223 -0
  301. package/skills/offensive/airecon-fork/vulnerabilities-api-schema-exposure/SKILL.md +849 -0
  302. package/skills/offensive/airecon-fork/vulnerabilities-api-testing/SKILL.md +278 -0
  303. package/skills/offensive/airecon-fork/vulnerabilities-auth-workflow/SKILL.md +252 -0
  304. package/skills/offensive/airecon-fork/vulnerabilities-authentication-jwt/SKILL.md +158 -0
  305. package/skills/offensive/airecon-fork/vulnerabilities-bfla/SKILL.md +156 -0
  306. package/skills/offensive/airecon-fork/vulnerabilities-blind-xss/SKILL.md +111 -0
  307. package/skills/offensive/airecon-fork/vulnerabilities-business-logic/SKILL.md +313 -0
  308. package/skills/offensive/airecon-fork/vulnerabilities-cors/SKILL.md +242 -0
  309. package/skills/offensive/airecon-fork/vulnerabilities-crlf-injection/SKILL.md +146 -0
  310. package/skills/offensive/airecon-fork/vulnerabilities-csrf/SKILL.md +200 -0
  311. package/skills/offensive/airecon-fork/vulnerabilities-csrf-advanced-bypass/SKILL.md +536 -0
  312. package/skills/offensive/airecon-fork/vulnerabilities-deserialization/SKILL.md +363 -0
  313. package/skills/offensive/airecon-fork/vulnerabilities-dom-based-vulnerabilities/SKILL.md +105 -0
  314. package/skills/offensive/airecon-fork/vulnerabilities-exploitation/SKILL.md +286 -0
  315. package/skills/offensive/airecon-fork/vulnerabilities-grpc/SKILL.md +123 -0
  316. package/skills/offensive/airecon-fork/vulnerabilities-host-header-injection/SKILL.md +169 -0
  317. package/skills/offensive/airecon-fork/vulnerabilities-http-smuggling/SKILL.md +411 -0
  318. package/skills/offensive/airecon-fork/vulnerabilities-idor/SKILL.md +705 -0
  319. package/skills/offensive/airecon-fork/vulnerabilities-information-disclosure/SKILL.md +867 -0
  320. package/skills/offensive/airecon-fork/vulnerabilities-insecure-file-uploads/SKILL.md +190 -0
  321. package/skills/offensive/airecon-fork/vulnerabilities-jwt-attacks/SKILL.md +270 -0
  322. package/skills/offensive/airecon-fork/vulnerabilities-kubernetes/SKILL.md +252 -0
  323. package/skills/offensive/airecon-fork/vulnerabilities-mass-assignment/SKILL.md +788 -0
  324. package/skills/offensive/airecon-fork/vulnerabilities-nosql-injection/SKILL.md +204 -0
  325. package/skills/offensive/airecon-fork/vulnerabilities-oauth-misconfig/SKILL.md +220 -0
  326. package/skills/offensive/airecon-fork/vulnerabilities-oauth-saml/SKILL.md +163 -0
  327. package/skills/offensive/airecon-fork/vulnerabilities-open-redirect/SKILL.md +167 -0
  328. package/skills/offensive/airecon-fork/vulnerabilities-password-reset-poisoning/SKILL.md +66 -0
  329. package/skills/offensive/airecon-fork/vulnerabilities-path-traversal/SKILL.md +192 -0
  330. package/skills/offensive/airecon-fork/vulnerabilities-privilege-escalation/SKILL.md +320 -0
  331. package/skills/offensive/airecon-fork/vulnerabilities-prototype-pollution/SKILL.md +242 -0
  332. package/skills/offensive/airecon-fork/vulnerabilities-race-conditions/SKILL.md +192 -0
  333. package/skills/offensive/airecon-fork/vulnerabilities-rce/SKILL.md +240 -0
  334. package/skills/offensive/airecon-fork/vulnerabilities-sensitive-file-pii-exposure/SKILL.md +589 -0
  335. package/skills/offensive/airecon-fork/vulnerabilities-spring4shell/SKILL.md +86 -0
  336. package/skills/offensive/airecon-fork/vulnerabilities-sql-injection/SKILL.md +313 -0
  337. package/skills/offensive/airecon-fork/vulnerabilities-ssrf/SKILL.md +183 -0
  338. package/skills/offensive/airecon-fork/vulnerabilities-ssti/SKILL.md +344 -0
  339. package/skills/offensive/airecon-fork/vulnerabilities-subdomain-takeover/SKILL.md +160 -0
  340. package/skills/offensive/airecon-fork/vulnerabilities-supply-chain/SKILL.md +125 -0
  341. package/skills/offensive/airecon-fork/vulnerabilities-unhandled-exception-differential/SKILL.md +742 -0
  342. package/skills/offensive/airecon-fork/vulnerabilities-waf-detection/SKILL.md +90 -0
  343. package/skills/offensive/airecon-fork/vulnerabilities-web-cache-poisoning/SKILL.md +233 -0
  344. package/skills/offensive/airecon-fork/vulnerabilities-websocket/SKILL.md +180 -0
  345. package/skills/offensive/airecon-fork/vulnerabilities-xss/SKILL.md +316 -0
  346. package/skills/offensive/airecon-fork/vulnerabilities-xxe/SKILL.md +222 -0
package/skills/offensive/airecon-fork/ctf-forensics/SKILL.md ADDED
@@ -0,0 +1,253 @@
1
+ <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
+
3
+ ---
4
+ name: ctf-forensics
5
+ description: CTF forensics — file carving, steganography, pcap/network analysis, memory forensics, disk forensics, and metadata extraction using CLI tools in Kali Linux
6
+ ---
7
+
8
+ # CTF Forensics
9
+
10
+ Forensics = extract hidden data from files, network captures, memory dumps, and disk images.
11
+
12
+ **Install:**
13
+ ```
14
+ sudo apt-get install -y binwalk foremost exiftool steghide stegseek outguess file strings xxd hexdump tshark wireshark-common volatility3 pngcheck
15
+ pip install stegoveritas --break-system-packages
16
+ pip install oletools --break-system-packages
17
+ sudo apt-get install -y zsteg
18
+ # stegseek: wget https://github.com/RickdeJager/stegseek/releases/latest/download/stegseek_0.6-1.deb && dpkg -i stegseek*.deb
19
+ ```
20
+
21
+ ---
22
+
23
+ ## File Analysis — First Steps
24
+
25
+ # Always start here for any unknown file:
26
+ file challenge.xxx # True file type (ignore extension)
27
+ xxd challenge.xxx | head -20 # Hex dump — check magic bytes
28
+ strings -n 6 challenge.xxx # Printable strings, min length 6
29
+ exiftool challenge.xxx # All metadata
30
+
31
+ # Common magic bytes:
32
+ # PNG: 89 50 4E 47 0D 0A 1A 0A
33
+ # JPEG: FF D8 FF
34
+ # ZIP: 50 4B 03 04
35
+ # PDF: 25 50 44 46
36
+ # ELF: 7F 45 4C 46
37
+ # GIF: 47 49 46 38
38
+ # RAR: 52 61 72 21
39
+ # 7z: 37 7A BC AF
40
+
41
+ # Check for embedded files:
42
+ binwalk challenge.xxx # Show embedded files
43
+ binwalk -e challenge.xxx # Extract all embedded files
44
+ binwalk -D 'png image:png' challenge.xxx # Extract specific type only
45
+ foremost -i challenge.xxx -o output/ # Alternative file carver
46
+
47
+ ---
48
+
49
+ ## Steganography
50
+
51
+ ### Image Steganography
52
+
53
+ # Check LSB steganography (most common):
54
+ zsteg challenge.png # PNG: check all LSB channels
55
+ zsteg -a challenge.png # All possible bitplanes
56
+
57
+ # steghide — extract hidden data (JPEG/BMP):
58
+ steghide info challenge.jpg # Check if data embedded
59
+ steghide extract -sf challenge.jpg # Extract (will ask passphrase)
60
+ steghide extract -sf challenge.jpg -p "" # Try empty passphrase
61
+ steghide extract -sf challenge.jpg -p "password" # Try password
62
+
63
+ # stegseek — bruteforce steghide passphrase:
64
+ stegseek challenge.jpg /usr/share/wordlists/rockyou.txt
65
+
66
+ # outguess:
67
+ outguess -r challenge.jpg output.txt
68
+
69
+ # stegoveritas — comprehensive image steg analysis:
70
+ stegoveritas challenge.png
71
+ stegoveritas challenge.png -steghide -wordlist /usr/share/wordlists/rockyou.txt
72
+
73
+ # pngcheck — PNG chunk analysis:
74
+ pngcheck -v challenge.png
75
+
76
+ # Check image pixels (Python):
77
+ python3 -c "
78
+ from PIL import Image
79
+ img = Image.open('challenge.png')
80
+ pixels = list(img.getdata())
81
+ # Extract LSB of each pixel
82
+ bits = [p[0] & 1 for p in pixels[:100]]
83
+ print(bits)
84
+ "
85
+
86
+ ### Audio Steganography
87
+
88
+ # Spectrogram analysis:
89
+ sox challenge.wav -n spectrogram -o spec.png
90
+ # Or: python3 -c "import scipy.io.wavfile as wav; import matplotlib.pyplot as plt; import numpy as np; r,d=wav.read('challenge.wav'); plt.specgram(d,Fs=r); plt.savefig('spec.png')"
91
+
92
+ # LSB in WAV:
93
+ python3 -c "
94
+ import wave, struct
95
+ f = wave.open('challenge.wav', 'r')
96
+ frames = f.readframes(-1)
97
+ samples = struct.unpack(f'<{len(frames)//2}h', frames)
98
+ bits = [s & 1 for s in samples[:200]]
99
+ chars = [chr(int(''.join(map(str, bits[i:i+8])), 2)) for i in range(0, len(bits)-8, 8)]
100
+ print(''.join(chars))
101
+ "
102
+
103
+ # mp3stego: mp3stego-decode -X -P password challenge.mp3 output.txt
104
+
105
+ ### Text Steganography
106
+
107
+ # Check for whitespace encoding (SNOW):
108
+ cat -A challenge.txt | grep ' ' # trailing spaces/tabs
109
+ # stegsnow: sudo apt-get install -y stegsnow
110
+ stegsnow -C challenge.txt
111
+
112
+ # Unicode zero-width characters:
113
+ python3 -c "
114
+ text = open('challenge.txt', 'rb').read()
115
+ hidden = [hex(b) for b in text if b in [0xe2, 0x80, 0x8b, 0x8c, 0x8d, 0xad]]
116
+ print(hidden[:20])
117
+ "
118
+
119
+ ---
120
+
121
+ ## Network / PCAP Analysis
122
+
123
+ # Open PCAP:
124
+ tshark -r challenge.pcap -V | head -50 # Verbose first packet
125
+ tshark -r challenge.pcap -Y "http" # Filter HTTP
126
+ tshark -r challenge.pcap -Y "dns" # Filter DNS
127
+
128
+ # Extract HTTP objects (images, files):
129
+ tshark -r challenge.pcap --export-objects http,output/http_files/
130
+ tshark -r challenge.pcap --export-objects smb,output/smb_files/
131
+
132
+ # Follow TCP stream (conversation):
133
+ tshark -r challenge.pcap -Y "tcp.stream==0" -T fields -e data | xxd
134
+
135
+ # Extract credentials from PCAP:
136
+ tshark -r challenge.pcap -Y "http.request.method==POST" -T fields \
137
+ -e http.host -e http.request.uri -e http.request.body
138
+
139
+ # Find all DNS queries:
140
+ tshark -r challenge.pcap -Y "dns.qry.name" -T fields -e dns.qry.name | sort -u
141
+
142
+ # FTP/SMTP/Telnet credentials (cleartext):
143
+ tshark -r challenge.pcap -Y "ftp" -T fields -e ftp.request.command -e ftp.request.arg
144
+ strings challenge.pcap | grep -i "PASS\|USER\|AUTH\|login"
145
+
146
+ # Extract all data from UDP streams (DNS tunneling):
147
+ tshark -r challenge.pcap -Y "dns" -T fields -e dns.qry.name | sort -u
148
+
149
+ ---
150
+
151
+ ## Memory Forensics (Volatility 3)
152
+
153
+ # Install: sudo apt-get install -y volatility3
154
+ # OR: pip install volatility3 --break-system-packages
155
+
156
+ # Identify OS profile first:
157
+ vol -f memory.dmp windows.info # Windows
158
+ vol -f memory.dmp linux.bash # Linux
159
+
160
+ # Windows processes:
161
+ vol -f memory.dmp windows.pslist # Running processes
162
+ vol -f memory.dmp windows.pstree # Process tree
163
+ vol -f memory.dmp windows.cmdline # Command line per process
164
+ vol -f memory.dmp windows.netscan # Network connections
165
+
166
+ # Dump process memory:
167
+ vol -f memory.dmp windows.dumpfiles --pid <PID>
168
+ vol -f memory.dmp windows.memmap --pid <PID> --dump
169
+
170
+ # Extract credentials:
171
+ vol -f memory.dmp windows.hashdump # NTLM hashes from SAM
172
+ vol -f memory.dmp windows.lsadump # LSA secrets
173
+
174
+ # Find files:
175
+ vol -f memory.dmp windows.filescan | grep -i "flag\|secret\|password"
176
+
177
+ # Registry hives:
178
+ vol -f memory.dmp windows.registry.hivelist
179
+ vol -f memory.dmp windows.registry.printkey --key "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
180
+
181
+ # Strings in memory:
182
+ strings memory.dmp | grep -i "flag{\|CTF{\|password\|secret" | head -30
183
+
184
+ ---
185
+
186
+ ## Disk Image Forensics
187
+
188
+ # Mount disk image:
189
+ file disk.img
190
+ fdisk -l disk.img # Show partitions
191
+ sudo mount -o loop,offset=$((512*2048)) disk.img /mnt/disk
192
+
193
+ # Extract partition from image:
194
+ dd if=disk.img of=partition.img bs=512 skip=2048 count=<sectors>
195
+
196
+ # Recover deleted files:
197
+ sudo apt-get install -y testdisk photorec
198
+ photorec disk.img # GUI-less recovery
199
+ testdisk disk.img # Partition/MBR recovery
200
+
201
+ # Search for strings in raw image:
202
+ strings disk.img | grep -i "flag\|pass\|secret\|CTF"
203
+ grep -boa 'flag{' disk.img # Binary search for flag pattern
204
+
205
+ ---
206
+
207
+ ## Archive / ZIP Analysis
208
+
209
+ # Test ZIP password:
210
+ zip2john challenge.zip > zip.hash
211
+ john zip.hash --wordlist=/usr/share/wordlists/rockyou.txt
212
+
213
+ # hashcat:
214
+ zip2john challenge.zip | tee zip.hash
215
+ hashcat -m 13600 zip.hash /usr/share/wordlists/rockyou.txt
216
+
217
+ # Check ZIP structure:
218
+ unzip -l challenge.zip # List contents
219
+ unzip -t challenge.zip # Test integrity
220
+
221
+ # Extract without password (known plaintext attack):
222
+ # If you know one file in the ZIP → pkcrack
223
+ sudo apt-get install -y pkcrack
224
+
225
+ ---
226
+
227
+ ## Office Document Forensics
228
+
229
+ # Extract macros and embedded objects:
230
+ # oletools: pip install oletools --break-system-packages
231
+ oleid challenge.docx # Check for macros, encryption
232
+ olevba challenge.docx # Extract VBA macros
233
+ oleobj challenge.docx # Extract embedded objects
234
+ rtfobj challenge.rtf # Extract from RTF
235
+
236
+ # strings on office docs:
237
+ strings challenge.docx | grep -i "flag\|pass\|http"
238
+
239
+ ---
240
+
241
+ ## Pro Tips
242
+
243
+ 1. Always run `file` + `xxd | head` + `strings` + `exiftool` on every challenge file first
244
+ 2. PNG → `zsteg -a` first; JPEG → `steghide` + `stegseek` brute force
245
+ 3. PCAP → `--export-objects http` to get all transferred files; check DNS for tunneling
246
+ 4. Memory dump → `windows.pslist` + `windows.cmdline` → suspicious processes first
247
+ 5. ZIP with password → `zip2john` + john/hashcat with rockyou
248
+ 6. Office docs → `olevba` to extract macros (often contains flag or dropper)
249
+ 7. Look for "appended data" after EOF: `binwalk` or `cat file.jpg file2.zip`
250
+
251
+ ## Summary
252
+
253
+ Forensics checklist: `file` → `binwalk -e` → `strings` → `exiftool` → steg tools (`zsteg`/`steghide`/`stegseek`) → PCAP (`tshark --export-objects`) → memory (`vol windows.pslist` + `hashdump`) → archives (`zip2john` + crack). Every file type has a specific toolchain — apply systematically.