Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Claude Security Skills (Page 13 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 721–780 of 6,191 by quality score

Sub-topics: Web Security (751), Threat Hunting (476), Red Team (453), Identity Access (329), Network Security (284), Appsec Tools (280), Compliance (159), Malware Analysis (138)

Expert at analyzing the quality and effectiveness of Claude Code components (agents, skills, commands, hooks). Assumes component is already technically valid.
Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code.
Structures cryptocurrency tax analysis with cost basis tracking, gain classification, and reporting requirements.
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
Analyze dependencies for known security vulnerabilities and outdated versions. Use when auditing third-party libraries.
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
Structures EM economic analysis with growth, inflation, external vulnerability, and political risk assessment.
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,
Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system
Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families
Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction
Analyze cryptocurrency market sentiment using Fear & Greed Index, news analysis, and market momentum.
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
Perform on-chain analysis including whale tracking, token flows, and network activity. Use when performing crypto analysis.
Track crypto options flow to identify institutional positioning and market sentiment. Use when tracking institutional options flow.
Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,
Analyzes network protocol implementations to identify parsing vulnerabilities, state machine issues, and protocol-level security problems.
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence
Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration
Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor,
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities
Structures forward-looking scenario analysis with macroeconomic assumptions and portfolio impact assessment.
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or…
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents
Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling.
Evaluates sovereign creditworthiness with fiscal analysis, external vulnerability, political risk, and institutional quality assessment.
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,
Tracks untrusted input propagation from sources to sinks in binary code to identify injection vulnerabilities.
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate
Evaluates real-world asset tokenization with legal structure, market infrastructure, and liquidity analysis.
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations
Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal,
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege
Expert Anchor smart contract development for Solana (January 2026). Use when (1) Writing or auditing Solana programs, (2) Implementing security patterns, (3) Defining account…
Adversarial System Design auditor that reviews SD deliverables (requirements, architecture, deep-dive, data flow, security, tradeoffs, evolution, product breakdown) plus ADRs and…
Scaffold a production-ready native Android app -- generate a complete Kotlin project with Jetpack Compose UI, MVVM architecture, Hilt dependency injection, Room database with…
Performs a security review of Android apps against OWASP Mobile Top 10 2024 and MASVS (Mobile Application Security Verification Standard) and generates a Markdown report. Use when: (1) an Android app security audit/review is requested (2)…
Decompile Android APK, XAPK, JAR, and AAR files using jadx or Fernflower/Vineflower. Reverse engineer Android apps, extract HTTP API endpoints, trace call flows from UI to network…
Android security fundamentals: encrypted storage (EncryptedSharedPreferences, EncryptedFile), biometric authentication (BiometricPrompt, Credential Manager), network certificate…
Configure Android release build signing with dual-source credentials (env vars + gradle.properties)
Reviews iframe bindings and host bindings for Angular 15-era security and behavior hardening.
ALWAYS use when working with Angular Security, XSS prevention, CSRF protection, Content Security Policy, or sanitization in Angular applications.
Secure Anima and Figma tokens for design-to-code pipelines. Use when protecting API credentials, restricting Figma access scope, or hardening CI/CD design automation pipelines.
Final red-team check before filing: numbers, references to pleadings, files, stamps, OCR, redaction, file names, beA package, gaps, and cover note.