@aegis-scan/skills 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (345) hide show
  1. package/ATTRIBUTION.md +93 -0
  2. package/package.json +1 -1
  3. package/sbom.cdx.json +1 -0
  4. package/skills/compliance/aegis-native/brutaler-anwalt/.claude-plugin/plugin.json +108 -0
  5. package/skills/compliance/aegis-native/brutaler-anwalt/CHANGELOG.md +878 -0
  6. package/skills/compliance/aegis-native/brutaler-anwalt/README.md +9 -3
  7. package/skills/compliance/aegis-native/brutaler-anwalt/SKILL.md +93 -14
  8. package/skills/compliance/aegis-native/brutaler-anwalt/commands/audit.md +193 -0
  9. package/skills/compliance/aegis-native/brutaler-anwalt/commands/avv-redline.md +246 -0
  10. package/skills/compliance/aegis-native/brutaler-anwalt/commands/az-verify.md +155 -0
  11. package/skills/compliance/aegis-native/brutaler-anwalt/commands/cold-start.md +157 -0
  12. package/skills/compliance/aegis-native/brutaler-anwalt/commands/dsar-respond.md +180 -0
  13. package/skills/compliance/aegis-native/brutaler-anwalt/commands/health.md +50 -0
  14. package/skills/compliance/aegis-native/brutaler-anwalt/commands/simulate.md +158 -0
  15. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/post_write.py +315 -0
  16. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/prompt_submit.py +144 -0
  17. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/session_start.py +57 -0
  18. package/skills/compliance/aegis-native/brutaler-anwalt/hooks/triggers.json +191 -0
  19. package/skills/compliance/aegis-native/brutaler-anwalt/references/INDEX.md +102 -0
  20. package/skills/compliance/aegis-native/brutaler-anwalt/references/abmahn-templates.md +1 -1
  21. package/skills/compliance/aegis-native/brutaler-anwalt/references/aegis-integration.md +60 -5
  22. package/skills/compliance/aegis-native/brutaler-anwalt/references/audit-patterns.md +745 -11
  23. package/skills/compliance/aegis-native/brutaler-anwalt/references/az-auffuellung-batch1.md +468 -0
  24. package/skills/compliance/aegis-native/brutaler-anwalt/references/bgh-urteile.md +106 -30
  25. package/skills/compliance/aegis-native/brutaler-anwalt/references/branchenrecht.md +247 -2
  26. package/skills/compliance/aegis-native/brutaler-anwalt/references/checklisten.md +75 -2
  27. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-aufsichtsbehoerden-taetigkeitsberichte-2024.md +310 -0
  28. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-bussgeld-argumentations-layer.md +598 -0
  29. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-dsk-beschluesse.md +346 -0
  30. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AGG/audit-relevance.md +76 -0
  31. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AGG/paragraphs.md +115 -0
  32. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AMG/audit-relevance.md +58 -0
  33. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/AMG/paragraphs.md +95 -0
  34. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ArbZG/audit-relevance.md +60 -0
  35. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ArbZG/paragraphs.md +90 -0
  36. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/BetrVG/audit-relevance.md +73 -0
  37. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/BetrVG/paragraphs.md +114 -0
  38. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DDG/audit-relevance.md +72 -0
  39. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DDG/paragraphs.md +103 -0
  40. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DiGAV/audit-relevance.md +65 -0
  41. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/DiGAV/paragraphs.md +102 -0
  42. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ElektroG/audit-relevance.md +66 -0
  43. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ElektroG/paragraphs.md +108 -0
  44. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/FernUSG/audit-relevance.md +80 -0
  45. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/FernUSG/paragraphs.md +102 -0
  46. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GeschGehG/audit-relevance.md +89 -0
  47. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GeschGehG/paragraphs.md +107 -0
  48. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GwG/audit-relevance.md +62 -0
  49. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/GwG/paragraphs.md +119 -0
  50. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HWG/audit-relevance.md +70 -0
  51. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HWG/paragraphs.md +125 -0
  52. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HinSchG/audit-relevance.md +70 -0
  53. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/HinSchG/paragraphs.md +116 -0
  54. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/INDEX.md +152 -0
  55. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/KWG/audit-relevance.md +64 -0
  56. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/KWG/paragraphs.md +110 -0
  57. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/LFGB/audit-relevance.md +63 -0
  58. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/LFGB/paragraphs.md +90 -0
  59. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/MPDG/audit-relevance.md +61 -0
  60. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/MPDG/paragraphs.md +96 -0
  61. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/NachwG/audit-relevance.md +54 -0
  62. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/NachwG/paragraphs.md +82 -0
  63. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/PAngV/audit-relevance.md +76 -0
  64. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/PAngV/paragraphs.md +86 -0
  65. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/RDG/audit-relevance.md +84 -0
  66. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/RDG/paragraphs.md +114 -0
  67. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/TDDDG/audit-relevance.md +92 -0
  68. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/TDDDG/paragraphs.md +91 -0
  69. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/UrhG-UrhDaG/audit-relevance.md +85 -0
  70. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/UrhG-UrhDaG/paragraphs.md +166 -0
  71. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VDuG/audit-relevance.md +71 -0
  72. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VDuG/paragraphs.md +102 -0
  73. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VERIFICATION-NOTES.md +111 -0
  74. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VVG/audit-relevance.md +65 -0
  75. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VVG/paragraphs.md +101 -0
  76. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VerpackG/audit-relevance.md +62 -0
  77. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/VerpackG/paragraphs.md +120 -0
  78. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/WpHG/audit-relevance.md +64 -0
  79. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/WpHG/paragraphs.md +120 -0
  80. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ZAG/audit-relevance.md +68 -0
  81. package/skills/compliance/aegis-native/brutaler-anwalt/references/de-statute-tier1/ZAG/paragraphs.md +110 -0
  82. package/skills/compliance/aegis-native/brutaler-anwalt/references/dsgvo.md +55 -8
  83. package/skills/compliance/aegis-native/brutaler-anwalt/references/eu-edpb-guidelines.md +505 -0
  84. package/skills/compliance/aegis-native/brutaler-anwalt/references/eu-eugh-dsgvo-schadensersatz.md +223 -0
  85. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BDSG/audit-relevance.md +31 -0
  86. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BFSG/audit-relevance.md +39 -0
  87. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/BGB/audit-relevance.md +42 -0
  88. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/DDG/audit-relevance.md +28 -0
  89. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/DSGVO/audit-relevance.md +35 -0
  90. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/articles.md +4 -1
  91. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/audit-relevance.md +139 -0
  92. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/gpai-pflichten.md +102 -0
  93. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/hochrisiko-annex-iii.md +134 -0
  94. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/sanktionen-art-99.md +97 -0
  95. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/transparenz-art-50.md +120 -0
  96. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/AI-Act-2024-1689/uebergangsfristen.md +109 -0
  97. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CER-2022-2557/articles.md +42 -0
  98. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CRA-2024-2847/articles.md +87 -0
  99. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CSDDD-2024-1760/articles.md +43 -0
  100. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/CSRD-2022-2464/articles.md +42 -0
  101. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DGA-2022-868/articles.md +53 -0
  102. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DMA-2022-1925/articles.md +55 -0
  103. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DORA-2022-2554/articles.md +164 -0
  104. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DORA-2022-2554/audit-relevance.md +86 -0
  105. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/articles.md +3 -0
  106. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/audit-relevance.md +110 -0
  107. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/notice-and-action.md +138 -0
  108. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/small-platform-pflichten.md +109 -0
  109. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/trusted-flaggers.md +77 -0
  110. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/DSA-2022-2065/vlop-vlose.md +130 -0
  111. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/Data-Act-2023-2854/articles.md +102 -0
  112. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/Data-Act-2023-2854/audit-relevance.md +77 -0
  113. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/MiCA-2023-1114/articles.md +124 -0
  114. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/MiCA-2023-1114/audit-relevance.md +85 -0
  115. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/NIS2-2022-2555/articles.md +101 -0
  116. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/ProdHaftRL-2024-2853/articles.md +68 -0
  117. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/EU-Verordnungen/eIDAS-2024-1183/articles.md +43 -0
  118. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/KWG.md +52 -0
  119. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/PSD2.md +67 -0
  120. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/Finance/ZAG.md +50 -0
  121. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/GlueStV/articles.md +86 -0
  122. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/HGB-AO/audit-relevance.md +27 -0
  123. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/HinSchG/articles.md +96 -0
  124. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/JuSchG-JMStV/articles.md +86 -0
  125. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/KritisDachG/articles.md +39 -0
  126. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/LkSG/articles.md +90 -0
  127. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/DiGAV.md +60 -0
  128. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/IVDR-2017-746.md +51 -0
  129. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/MedTech/MDR-2017-745.md +85 -0
  130. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/NIS2UmsuCG-BSIG/articles.md +53 -0
  131. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/StGB/relevante-paragraphen.md +157 -0
  132. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TDDDG/audit-relevance.md +33 -0
  133. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TDDDG/paragraphs.md +3 -2
  134. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/TKG/articles.md +73 -0
  135. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/UWG/audit-relevance.md +39 -0
  136. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/UWG/paragraphs.md +71 -3
  137. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/VERIFICATION-STATUS.md +266 -0
  138. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/VSBG/audit-relevance.md +37 -0
  139. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/ePrivacy-RL-2002-58/articles.md +92 -0
  140. package/skills/compliance/aegis-native/brutaler-anwalt/references/gesetze/ePrivacy-RL-2002-58/audit-relevance.md +62 -0
  141. package/skills/compliance/aegis-native/brutaler-anwalt/references/it-recht.md +115 -9
  142. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/INDEX.md +1 -1
  143. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/ai/anthropic-dpa.md +87 -0
  144. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/cookie-banner-pattern.md +202 -0
  145. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/dse-section-pattern.md +198 -0
  146. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/astro/tracking-server-endpoint.md +193 -0
  147. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/auth/auth0-tom.md +92 -0
  148. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/auth/clerk-tom.md +84 -0
  149. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/auth-cookies-pattern.md +295 -0
  150. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/cookie-banner-pattern.md +318 -0
  151. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/django/gdpr-cleanup-celery.md +339 -0
  152. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/cookie-banner-pattern.md +237 -0
  153. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/gdpr-routes-pattern.md +256 -0
  154. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/express/helmet-csp-pattern.md +207 -0
  155. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/agb-versioning-pattern.md +305 -0
  156. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/cookie-banner-pattern.md +287 -0
  157. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/gdpr-models-pattern.md +290 -0
  158. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/laravel/tracking-config-pattern.md +263 -0
  159. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/auth-pattern.md +265 -0
  160. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/cookie-banner-pattern.md +255 -0
  161. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/gdpr-cleanup-cron.md +244 -0
  162. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nest/tracking-interceptor.md +239 -0
  163. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/api-route-bearer-auth.md +103 -0
  164. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/dynamic-rendering-headers.md +83 -0
  165. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/nextjs/env-driven-tracking.md +135 -0
  166. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/cookie-banner-pattern.md +294 -0
  167. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/devise-dsgvo-pattern.md +262 -0
  168. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/rails/gdpr-anonymization-pattern.md +283 -0
  169. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/react/consent-gate-pattern.md +99 -0
  170. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/react/cookie-banner-pattern.md +204 -0
  171. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/strapi/cms-pii-pattern.md +301 -0
  172. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/strapi/notice-and-action-plugin.md +371 -0
  173. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/cookie-banner-pattern.md +234 -0
  174. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/dse-section-pattern.md +231 -0
  175. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/svelte/sveltekit-server-hooks-pattern.md +217 -0
  176. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/tracking/google-analytics-consent.md +129 -0
  177. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/tracking/posthog-consent.md +79 -0
  178. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/cookie-banner-pattern.md +208 -0
  179. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/dse-i18n-pattern.md +204 -0
  180. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/nuxt-vs-vue-only-pattern.md +197 -0
  181. package/skills/compliance/aegis-native/brutaler-anwalt/references/stack-patterns/vue/tracking-pinia-pattern.md +211 -0
  182. package/skills/compliance/aegis-native/brutaler-anwalt/references/strafrecht-steuer.md +1 -1
  183. package/skills/compliance/aegis-native/brutaler-anwalt/references/streitwerte.json +176 -0
  184. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/DSFA-template.md +80 -0
  185. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates/VVT-template-file-upload.md +98 -0
  186. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-EN-international.md +267 -0
  187. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-Audit-Klausel-Varianten.md +148 -0
  188. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-CH-revDSG.md +127 -0
  189. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-SCC-module2-controller-processor.md +180 -0
  190. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-SCC-module3-processor-subprocessor.md +144 -0
  191. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-Sub-Processor-List.md +114 -0
  192. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-TOMs.md +197 -0
  193. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-anhang-UK-IDTA.md +131 -0
  194. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/AVV-standard-DE.md +288 -0
  195. package/skills/compliance/aegis-native/brutaler-anwalt/references/templates-avv-layer/Joint-Controller-Vertrag-Art-26.md +265 -0
  196. package/skills/compliance/aegis-native/brutaler-anwalt/scripts/health-check.sh +190 -48
  197. package/skills/compliance/aegis-native/brutaler-anwalt/scripts/test-triggers.sh +145 -0
  198. package/skills/compliance/aegis-native/brutaler-anwalt/settings.json +90 -0
  199. package/skills/defensive/permoon-fork/README.md +40 -0
  200. package/skills/defensive/permoon-fork/multi-model-consolidation/SKILL.md +47 -0
  201. package/skills/defensive/permoon-fork/multi-model-severity/SKILL.md +34 -0
  202. package/skills/defensive/permoon-fork/multi-model-system-prompt/SKILL.md +40 -0
  203. package/skills/foundation/aegis-native/aegis-handover-writer/SKILL.md +1 -1
  204. package/skills/foundation/aegis-native/aegis-quality-gates/SKILL.md +1 -1
  205. package/skills/offensive/airecon-fork/ctf-crypto/SKILL.md +260 -0
  206. package/skills/offensive/airecon-fork/ctf-crypto-modern-ciphers/SKILL.md +688 -0
  207. package/skills/offensive/airecon-fork/ctf-forensics/SKILL.md +253 -0
  208. package/skills/offensive/airecon-fork/ctf-forensics-network/SKILL.md +480 -0
  209. package/skills/offensive/airecon-fork/ctf-heap-advanced/SKILL.md +336 -0
  210. package/skills/offensive/airecon-fork/ctf-pwn/SKILL.md +294 -0
  211. package/skills/offensive/airecon-fork/ctf-pwn-rop-and-shellcode/SKILL.md +392 -0
  212. package/skills/offensive/airecon-fork/ctf-reversing/SKILL.md +284 -0
  213. package/skills/offensive/airecon-fork/frameworks-django/SKILL.md +268 -0
  214. package/skills/offensive/airecon-fork/frameworks-dotnet/SKILL.md +280 -0
  215. package/skills/offensive/airecon-fork/frameworks-express/SKILL.md +266 -0
  216. package/skills/offensive/airecon-fork/frameworks-fastapi/SKILL.md +193 -0
  217. package/skills/offensive/airecon-fork/frameworks-flask/SKILL.md +297 -0
  218. package/skills/offensive/airecon-fork/frameworks-laravel/SKILL.md +260 -0
  219. package/skills/offensive/airecon-fork/frameworks-nextjs/SKILL.md +230 -0
  220. package/skills/offensive/airecon-fork/frameworks-php/SKILL.md +271 -0
  221. package/skills/offensive/airecon-fork/frameworks-rails/SKILL.md +269 -0
  222. package/skills/offensive/airecon-fork/frameworks-spring/SKILL.md +245 -0
  223. package/skills/offensive/airecon-fork/frameworks-wordpress/SKILL.md +348 -0
  224. package/skills/offensive/airecon-fork/payloads-command-injection/SKILL.md +459 -0
  225. package/skills/offensive/airecon-fork/payloads-http-parameter-pollution/SKILL.md +129 -0
  226. package/skills/offensive/airecon-fork/payloads-ldap-injection/SKILL.md +100 -0
  227. package/skills/offensive/airecon-fork/payloads-lfi/SKILL.md +485 -0
  228. package/skills/offensive/airecon-fork/payloads-sqli/SKILL.md +419 -0
  229. package/skills/offensive/airecon-fork/payloads-ssrf/SKILL.md +125 -0
  230. package/skills/offensive/airecon-fork/payloads-ssti/SKILL.md +443 -0
  231. package/skills/offensive/airecon-fork/payloads-xss/SKILL.md +447 -0
  232. package/skills/offensive/airecon-fork/payloads-xxe/SKILL.md +172 -0
  233. package/skills/offensive/airecon-fork/postexploit-ad-credential-attacks/SKILL.md +306 -0
  234. package/skills/offensive/airecon-fork/postexploit-container-escape/SKILL.md +299 -0
  235. package/skills/offensive/airecon-fork/postexploit-credential-dumping/SKILL.md +249 -0
  236. package/skills/offensive/airecon-fork/postexploit-lateral-movement/SKILL.md +194 -0
  237. package/skills/offensive/airecon-fork/postexploit-linux-privesc/SKILL.md +252 -0
  238. package/skills/offensive/airecon-fork/postexploit-netexec-workflow/SKILL.md +302 -0
  239. package/skills/offensive/airecon-fork/postexploit-pivoting/SKILL.md +205 -0
  240. package/skills/offensive/airecon-fork/postexploit-windows-privesc/SKILL.md +210 -0
  241. package/skills/offensive/airecon-fork/protocols-active-directory/SKILL.md +314 -0
  242. package/skills/offensive/airecon-fork/protocols-dns/SKILL.md +203 -0
  243. package/skills/offensive/airecon-fork/protocols-ftp/SKILL.md +159 -0
  244. package/skills/offensive/airecon-fork/protocols-graphql/SKILL.md +648 -0
  245. package/skills/offensive/airecon-fork/protocols-kerberos/SKILL.md +168 -0
  246. package/skills/offensive/airecon-fork/protocols-ldap/SKILL.md +245 -0
  247. package/skills/offensive/airecon-fork/protocols-rdp/SKILL.md +186 -0
  248. package/skills/offensive/airecon-fork/protocols-smb/SKILL.md +191 -0
  249. package/skills/offensive/airecon-fork/protocols-smtp-imap/SKILL.md +263 -0
  250. package/skills/offensive/airecon-fork/protocols-snmp/SKILL.md +147 -0
  251. package/skills/offensive/airecon-fork/protocols-ssh/SKILL.md +287 -0
  252. package/skills/offensive/airecon-fork/reconnaissance-asn-whois-osint/SKILL.md +236 -0
  253. package/skills/offensive/airecon-fork/reconnaissance-ctf-methodology/SKILL.md +435 -0
  254. package/skills/offensive/airecon-fork/reconnaissance-dorking/SKILL.md +182 -0
  255. package/skills/offensive/airecon-fork/reconnaissance-exposed-devtools-detection/SKILL.md +513 -0
  256. package/skills/offensive/airecon-fork/reconnaissance-full-recon/SKILL.md +305 -0
  257. package/skills/offensive/airecon-fork/reconnaissance-internal-pentest/SKILL.md +202 -0
  258. package/skills/offensive/airecon-fork/reconnaissance-javascript-analysis/SKILL.md +167 -0
  259. package/skills/offensive/airecon-fork/reconnaissance-js-internal-hostname-intelligence/SKILL.md +391 -0
  260. package/skills/offensive/airecon-fork/reconnaissance-monitoring-secrets-exposure/SKILL.md +394 -0
  261. package/skills/offensive/airecon-fork/reconnaissance-shodan-censys/SKILL.md +279 -0
  262. package/skills/offensive/airecon-fork/reconnaissance-subdomain-enum/SKILL.md +952 -0
  263. package/skills/offensive/airecon-fork/technologies-cicd-attacks/SKILL.md +283 -0
  264. package/skills/offensive/airecon-fork/technologies-cloud-security/SKILL.md +299 -0
  265. package/skills/offensive/airecon-fork/technologies-docker-container/SKILL.md +266 -0
  266. package/skills/offensive/airecon-fork/technologies-elasticsearch/SKILL.md +226 -0
  267. package/skills/offensive/airecon-fork/technologies-firebase-firestore/SKILL.md +213 -0
  268. package/skills/offensive/airecon-fork/technologies-frida-hooking/SKILL.md +387 -0
  269. package/skills/offensive/airecon-fork/technologies-gitlab-github/SKILL.md +259 -0
  270. package/skills/offensive/airecon-fork/technologies-jenkins/SKILL.md +256 -0
  271. package/skills/offensive/airecon-fork/technologies-kubernetes-pentest/SKILL.md +281 -0
  272. package/skills/offensive/airecon-fork/technologies-memcached/SKILL.md +230 -0
  273. package/skills/offensive/airecon-fork/technologies-mobile-app-pentesting/SKILL.md +105 -0
  274. package/skills/offensive/airecon-fork/technologies-mongodb/SKILL.md +257 -0
  275. package/skills/offensive/airecon-fork/technologies-nginx-apache/SKILL.md +280 -0
  276. package/skills/offensive/airecon-fork/technologies-observability-stack-attacks/SKILL.md +501 -0
  277. package/skills/offensive/airecon-fork/technologies-redis/SKILL.md +236 -0
  278. package/skills/offensive/airecon-fork/technologies-supabase/SKILL.md +270 -0
  279. package/skills/offensive/airecon-fork/technologies-tomcat/SKILL.md +232 -0
  280. package/skills/offensive/airecon-fork/tools-advanced-fuzzing/SKILL.md +351 -0
  281. package/skills/offensive/airecon-fork/tools-browser-automation/SKILL.md +300 -0
  282. package/skills/offensive/airecon-fork/tools-caido/SKILL.md +776 -0
  283. package/skills/offensive/airecon-fork/tools-code-review/SKILL.md +71 -0
  284. package/skills/offensive/airecon-fork/tools-dalfox/SKILL.md +189 -0
  285. package/skills/offensive/airecon-fork/tools-hashcat-john/SKILL.md +258 -0
  286. package/skills/offensive/airecon-fork/tools-impacket/SKILL.md +227 -0
  287. package/skills/offensive/airecon-fork/tools-install/SKILL.md +202 -0
  288. package/skills/offensive/airecon-fork/tools-metasploit/SKILL.md +270 -0
  289. package/skills/offensive/airecon-fork/tools-nmap/SKILL.md +211 -0
  290. package/skills/offensive/airecon-fork/tools-nuclei/SKILL.md +175 -0
  291. package/skills/offensive/airecon-fork/tools-reporting/SKILL.md +47 -0
  292. package/skills/offensive/airecon-fork/tools-scripting/SKILL.md +1939 -0
  293. package/skills/offensive/airecon-fork/tools-semgrep/SKILL.md +202 -0
  294. package/skills/offensive/airecon-fork/tools-source-audit/SKILL.md +308 -0
  295. package/skills/offensive/airecon-fork/tools-sqlmap/SKILL.md +137 -0
  296. package/skills/offensive/airecon-fork/tools-tool-catalog/SKILL.md +320 -0
  297. package/skills/offensive/airecon-fork/tools-wapiti/SKILL.md +293 -0
  298. package/skills/offensive/airecon-fork/vulnerabilities-2fa-bypass/SKILL.md +219 -0
  299. package/skills/offensive/airecon-fork/vulnerabilities-account-takeover/SKILL.md +223 -0
  300. package/skills/offensive/airecon-fork/vulnerabilities-api-schema-exposure/SKILL.md +849 -0
  301. package/skills/offensive/airecon-fork/vulnerabilities-api-testing/SKILL.md +278 -0
  302. package/skills/offensive/airecon-fork/vulnerabilities-auth-workflow/SKILL.md +252 -0
  303. package/skills/offensive/airecon-fork/vulnerabilities-authentication-jwt/SKILL.md +158 -0
  304. package/skills/offensive/airecon-fork/vulnerabilities-bfla/SKILL.md +156 -0
  305. package/skills/offensive/airecon-fork/vulnerabilities-blind-xss/SKILL.md +111 -0
  306. package/skills/offensive/airecon-fork/vulnerabilities-business-logic/SKILL.md +313 -0
  307. package/skills/offensive/airecon-fork/vulnerabilities-cors/SKILL.md +242 -0
  308. package/skills/offensive/airecon-fork/vulnerabilities-crlf-injection/SKILL.md +146 -0
  309. package/skills/offensive/airecon-fork/vulnerabilities-csrf/SKILL.md +200 -0
  310. package/skills/offensive/airecon-fork/vulnerabilities-csrf-advanced-bypass/SKILL.md +536 -0
  311. package/skills/offensive/airecon-fork/vulnerabilities-deserialization/SKILL.md +363 -0
  312. package/skills/offensive/airecon-fork/vulnerabilities-dom-based-vulnerabilities/SKILL.md +105 -0
  313. package/skills/offensive/airecon-fork/vulnerabilities-exploitation/SKILL.md +286 -0
  314. package/skills/offensive/airecon-fork/vulnerabilities-grpc/SKILL.md +123 -0
  315. package/skills/offensive/airecon-fork/vulnerabilities-host-header-injection/SKILL.md +169 -0
  316. package/skills/offensive/airecon-fork/vulnerabilities-http-smuggling/SKILL.md +411 -0
  317. package/skills/offensive/airecon-fork/vulnerabilities-idor/SKILL.md +705 -0
  318. package/skills/offensive/airecon-fork/vulnerabilities-information-disclosure/SKILL.md +867 -0
  319. package/skills/offensive/airecon-fork/vulnerabilities-insecure-file-uploads/SKILL.md +190 -0
  320. package/skills/offensive/airecon-fork/vulnerabilities-jwt-attacks/SKILL.md +270 -0
  321. package/skills/offensive/airecon-fork/vulnerabilities-kubernetes/SKILL.md +252 -0
  322. package/skills/offensive/airecon-fork/vulnerabilities-mass-assignment/SKILL.md +788 -0
  323. package/skills/offensive/airecon-fork/vulnerabilities-nosql-injection/SKILL.md +204 -0
  324. package/skills/offensive/airecon-fork/vulnerabilities-oauth-misconfig/SKILL.md +220 -0
  325. package/skills/offensive/airecon-fork/vulnerabilities-oauth-saml/SKILL.md +163 -0
  326. package/skills/offensive/airecon-fork/vulnerabilities-open-redirect/SKILL.md +167 -0
  327. package/skills/offensive/airecon-fork/vulnerabilities-password-reset-poisoning/SKILL.md +66 -0
  328. package/skills/offensive/airecon-fork/vulnerabilities-path-traversal/SKILL.md +192 -0
  329. package/skills/offensive/airecon-fork/vulnerabilities-privilege-escalation/SKILL.md +320 -0
  330. package/skills/offensive/airecon-fork/vulnerabilities-prototype-pollution/SKILL.md +242 -0
  331. package/skills/offensive/airecon-fork/vulnerabilities-race-conditions/SKILL.md +192 -0
  332. package/skills/offensive/airecon-fork/vulnerabilities-rce/SKILL.md +240 -0
  333. package/skills/offensive/airecon-fork/vulnerabilities-sensitive-file-pii-exposure/SKILL.md +589 -0
  334. package/skills/offensive/airecon-fork/vulnerabilities-spring4shell/SKILL.md +86 -0
  335. package/skills/offensive/airecon-fork/vulnerabilities-sql-injection/SKILL.md +313 -0
  336. package/skills/offensive/airecon-fork/vulnerabilities-ssrf/SKILL.md +183 -0
  337. package/skills/offensive/airecon-fork/vulnerabilities-ssti/SKILL.md +344 -0
  338. package/skills/offensive/airecon-fork/vulnerabilities-subdomain-takeover/SKILL.md +160 -0
  339. package/skills/offensive/airecon-fork/vulnerabilities-supply-chain/SKILL.md +125 -0
  340. package/skills/offensive/airecon-fork/vulnerabilities-unhandled-exception-differential/SKILL.md +742 -0
  341. package/skills/offensive/airecon-fork/vulnerabilities-waf-detection/SKILL.md +90 -0
  342. package/skills/offensive/airecon-fork/vulnerabilities-web-cache-poisoning/SKILL.md +233 -0
  343. package/skills/offensive/airecon-fork/vulnerabilities-websocket/SKILL.md +180 -0
  344. package/skills/offensive/airecon-fork/vulnerabilities-xss/SKILL.md +316 -0
  345. package/skills/offensive/airecon-fork/vulnerabilities-xxe/SKILL.md +222 -0
package/skills/offensive/airecon-fork/ctf-forensics/SKILL.md ADDED
@@ -0,0 +1,253 @@
1
+ <!-- aegis-local: forked 2026-05-04 from pikpikcu/airecon@9a21453459d87eefb012ea355c79b593d0d3c0cc (MIT-licensed); attribution preserved, see ATTRIBUTION.md -->
2
+
3
+ ---
4
+ name: ctf-forensics
5
+ description: CTF forensics — file carving, steganography, pcap/network analysis, memory forensics, disk forensics, and metadata extraction using CLI tools in Kali Linux
6
+ ---
7
+
8
+ # CTF Forensics
9
+
10
+ Forensics = extract hidden data from files, network captures, memory dumps, and disk images.
11
+
12
+ **Install:**
13
+ ```
14
+ sudo apt-get install -y binwalk foremost exiftool steghide stegseek outguess file strings xxd hexdump tshark wireshark-common volatility3 pngcheck
15
+ pip install stegoveritas --break-system-packages
16
+ pip install oletools --break-system-packages
17
+ sudo apt-get install -y zsteg
18
+ # stegseek: wget https://github.com/RickdeJager/stegseek/releases/latest/download/stegseek_0.6-1.deb && dpkg -i stegseek*.deb
19
+ ```
20
+
21
+ ---
22
+
23
+ ## File Analysis — First Steps
24
+
25
+ # Always start here for any unknown file:
26
+ file challenge.xxx # True file type (ignore extension)
27
+ xxd challenge.xxx | head -20 # Hex dump — check magic bytes
28
+ strings -n 6 challenge.xxx # Printable strings, min length 6
29
+ exiftool challenge.xxx # All metadata
30
+
31
+ # Common magic bytes:
32
+ # PNG: 89 50 4E 47 0D 0A 1A 0A
33
+ # JPEG: FF D8 FF
34
+ # ZIP: 50 4B 03 04
35
+ # PDF: 25 50 44 46
36
+ # ELF: 7F 45 4C 46
37
+ # GIF: 47 49 46 38
38
+ # RAR: 52 61 72 21
39
+ # 7z: 37 7A BC AF
40
+
41
+ # Check for embedded files:
42
+ binwalk challenge.xxx # Show embedded files
43
+ binwalk -e challenge.xxx # Extract all embedded files
44
+ binwalk -D 'png image:png' challenge.xxx # Extract specific type only
45
+ foremost -i challenge.xxx -o output/ # Alternative file carver
46
+
47
+ ---
48
+
49
+ ## Steganography
50
+
51
+ ### Image Steganography
52
+
53
+ # Check LSB steganography (most common):
54
+ zsteg challenge.png # PNG: check all LSB channels
55
+ zsteg -a challenge.png # All possible bitplanes
56
+
57
+ # steghide — extract hidden data (JPEG/BMP):
58
+ steghide info challenge.jpg # Check if data embedded
59
+ steghide extract -sf challenge.jpg # Extract (will ask passphrase)
60
+ steghide extract -sf challenge.jpg -p "" # Try empty passphrase
61
+ steghide extract -sf challenge.jpg -p "password" # Try password
62
+
63
+ # stegseek — bruteforce steghide passphrase:
64
+ stegseek challenge.jpg /usr/share/wordlists/rockyou.txt
65
+
66
+ # outguess:
67
+ outguess -r challenge.jpg output.txt
68
+
69
+ # stegoveritas — comprehensive image steg analysis:
70
+ stegoveritas challenge.png
71
+ stegoveritas challenge.png -steghide -wordlist /usr/share/wordlists/rockyou.txt
72
+
73
+ # pngcheck — PNG chunk analysis:
74
+ pngcheck -v challenge.png
75
+
76
+ # Check image pixels (Python):
77
+ python3 -c "
78
+ from PIL import Image
79
+ img = Image.open('challenge.png')
80
+ pixels = list(img.getdata())
81
+ # Extract LSB of each pixel
82
+ bits = [p[0] & 1 for p in pixels[:100]]
83
+ print(bits)
84
+ "
85
+
86
+ ### Audio Steganography
87
+
88
+ # Spectrogram analysis:
89
+ sox challenge.wav -n spectrogram -o spec.png
90
+ # Or: python3 -c "import scipy.io.wavfile as wav; import matplotlib.pyplot as plt; import numpy as np; r,d=wav.read('challenge.wav'); plt.specgram(d,Fs=r); plt.savefig('spec.png')"
91
+
92
+ # LSB in WAV:
93
+ python3 -c "
94
+ import wave, struct
95
+ f = wave.open('challenge.wav', 'r')
96
+ frames = f.readframes(-1)
97
+ samples = struct.unpack(f'<{len(frames)//2}h', frames)
98
+ bits = [s & 1 for s in samples[:200]]
99
+ chars = [chr(int(''.join(map(str, bits[i:i+8])), 2)) for i in range(0, len(bits)-8, 8)]
100
+ print(''.join(chars))
101
+ "
102
+
103
+ # mp3stego: mp3stego-decode -X -P password challenge.mp3 output.txt
104
+
105
+ ### Text Steganography
106
+
107
+ # Check for whitespace encoding (SNOW):
108
+ cat -A challenge.txt | grep ' ' # trailing spaces/tabs
109
+ # stegsnow: sudo apt-get install -y stegsnow
110
+ stegsnow -C challenge.txt
111
+
112
+ # Unicode zero-width characters:
113
+ python3 -c "
114
+ text = open('challenge.txt', 'rb').read()
115
+ hidden = [hex(b) for b in text if b in [0xe2, 0x80, 0x8b, 0x8c, 0x8d, 0xad]]
116
+ print(hidden[:20])
117
+ "
118
+
119
+ ---
120
+
121
+ ## Network / PCAP Analysis
122
+
123
+ # Open PCAP:
124
+ tshark -r challenge.pcap -V | head -50 # Verbose first packet
125
+ tshark -r challenge.pcap -Y "http" # Filter HTTP
126
+ tshark -r challenge.pcap -Y "dns" # Filter DNS
127
+
128
+ # Extract HTTP objects (images, files):
129
+ tshark -r challenge.pcap --export-objects http,output/http_files/
130
+ tshark -r challenge.pcap --export-objects smb,output/smb_files/
131
+
132
+ # Follow TCP stream (conversation):
133
+ tshark -r challenge.pcap -Y "tcp.stream==0" -T fields -e data | xxd
134
+
135
+ # Extract credentials from PCAP:
136
+ tshark -r challenge.pcap -Y "http.request.method==POST" -T fields \
137
+ -e http.host -e http.request.uri -e http.request.body
138
+
139
+ # Find all DNS queries:
140
+ tshark -r challenge.pcap -Y "dns.qry.name" -T fields -e dns.qry.name | sort -u
141
+
142
+ # FTP/SMTP/Telnet credentials (cleartext):
143
+ tshark -r challenge.pcap -Y "ftp" -T fields -e ftp.request.command -e ftp.request.arg
144
+ strings challenge.pcap | grep -i "PASS\|USER\|AUTH\|login"
145
+
146
+ # Extract all data from UDP streams (DNS tunneling):
147
+ tshark -r challenge.pcap -Y "dns" -T fields -e dns.qry.name | sort -u
148
+
149
+ ---
150
+
151
+ ## Memory Forensics (Volatility 3)
152
+
153
+ # Install: sudo apt-get install -y volatility3
154
+ # OR: pip install volatility3 --break-system-packages
155
+
156
+ # Identify OS profile first:
157
+ vol -f memory.dmp windows.info # Windows
158
+ vol -f memory.dmp linux.bash # Linux
159
+
160
+ # Windows processes:
161
+ vol -f memory.dmp windows.pslist # Running processes
162
+ vol -f memory.dmp windows.pstree # Process tree
163
+ vol -f memory.dmp windows.cmdline # Command line per process
164
+ vol -f memory.dmp windows.netscan # Network connections
165
+
166
+ # Dump process memory:
167
+ vol -f memory.dmp windows.dumpfiles --pid <PID>
168
+ vol -f memory.dmp windows.memmap --pid <PID> --dump
169
+
170
+ # Extract credentials:
171
+ vol -f memory.dmp windows.hashdump # NTLM hashes from SAM
172
+ vol -f memory.dmp windows.lsadump # LSA secrets
173
+
174
+ # Find files:
175
+ vol -f memory.dmp windows.filescan | grep -i "flag\|secret\|password"
176
+
177
+ # Registry hives:
178
+ vol -f memory.dmp windows.registry.hivelist
179
+ vol -f memory.dmp windows.registry.printkey --key "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
180
+
181
+ # Strings in memory:
182
+ strings memory.dmp | grep -i "flag{\|CTF{\|password\|secret" | head -30
183
+
184
+ ---
185
+
186
+ ## Disk Image Forensics
187
+
188
+ # Mount disk image:
189
+ file disk.img
190
+ fdisk -l disk.img # Show partitions
191
+ sudo mount -o loop,offset=$((512*2048)) disk.img /mnt/disk
192
+
193
+ # Extract partition from image:
194
+ dd if=disk.img of=partition.img bs=512 skip=2048 count=<sectors>
195
+
196
+ # Recover deleted files:
197
+ sudo apt-get install -y testdisk photorec
198
+ photorec disk.img # GUI-less recovery
199
+ testdisk disk.img # Partition/MBR recovery
200
+
201
+ # Search for strings in raw image:
202
+ strings disk.img | grep -i "flag\|pass\|secret\|CTF"
203
+ grep -boa 'flag{' disk.img # Binary search for flag pattern
204
+
205
+ ---
206
+
207
+ ## Archive / ZIP Analysis
208
+
209
+ # Test ZIP password:
210
+ zip2john challenge.zip > zip.hash
211
+ john zip.hash --wordlist=/usr/share/wordlists/rockyou.txt
212
+
213
+ # hashcat:
214
+ zip2john challenge.zip | tee zip.hash
215
+ hashcat -m 13600 zip.hash /usr/share/wordlists/rockyou.txt
216
+
217
+ # Check ZIP structure:
218
+ unzip -l challenge.zip # List contents
219
+ unzip -t challenge.zip # Test integrity
220
+
221
+ # Extract without password (known plaintext attack):
222
+ # If you know one file in the ZIP → pkcrack
223
+ sudo apt-get install -y pkcrack
224
+
225
+ ---
226
+
227
+ ## Office Document Forensics
228
+
229
+ # Extract macros and embedded objects:
230
+ # oletools: pip install oletools --break-system-packages
231
+ oleid challenge.docx # Check for macros, encryption
232
+ olevba challenge.docx # Extract VBA macros
233
+ oleobj challenge.docx # Extract embedded objects
234
+ rtfobj challenge.rtf # Extract from RTF
235
+
236
+ # strings on office docs:
237
+ strings challenge.docx | grep -i "flag\|pass\|http"
238
+
239
+ ---
240
+
241
+ ## Pro Tips
242
+
243
+ 1. Always run `file` + `xxd | head` + `strings` + `exiftool` on every challenge file first
244
+ 2. PNG → `zsteg -a` first; JPEG → `steghide` + `stegseek` brute force
245
+ 3. PCAP → `--export-objects http` to get all transferred files; check DNS for tunneling
246
+ 4. Memory dump → `windows.pslist` + `windows.cmdline` → suspicious processes first
247
+ 5. ZIP with password → `zip2john` + john/hashcat with rockyou
248
+ 6. Office docs → `olevba` to extract macros (often contains flag or dropper)
249
+ 7. Look for "appended data" after EOF: `binwalk` or `cat file.jpg file2.zip`
250
+
251
+ ## Summary
252
+
253
+ Forensics checklist: `file` → `binwalk -e` → `strings` → `exiftool` → steg tools (`zsteg`/`steghide`/`stegseek`) → PCAP (`tshark --export-objects`) → memory (`vol windows.pslist` + `hashdump`) → archives (`zip2john` + crack). Every file type has a specific toolchain — apply systematically.