OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for
Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified
Asynchronous task queue patterns with Bull/BullMQ in NestJS for production. Use PROACTIVELY when working with scheduled jobs, reminders, notifications…
C2 framework AV-evasion methodology: analyze the C2 source code, search for detection rules (YARA/Sigma/Snort), analyze each rule one by one, and modify the source to bypass detection. Use when YARA/Sigma/Snort rules trigger alerts or when a beacon/implant is detected by antivirus. Step 1: confirm the implant/beacon language and architecture; Step 2: search for the corresponding detection rules and analyze and modify them rule by rule
Compressed caveman style only for internal reasoning and prompts to subagents. Final output to the user stays in natural Italian (TTS-friendly, mobile-friendly).
Chief Investment Officer of the Financial Intelligence System. It is the last agent to run and the only one with authority to issue the final investment recommendation.
Answers questions about Claude Code features, configuration, and usage from local documentation synced from code.claude.com.
Consult official Claude Code documentation from code.claude.com using selective fetching. Use when working on hooks, skills, subagents, plugins, agent teams, MCP servers,…
Build production-grade, security-first network security applications (e.g., security modules like MCP/NCM/NPM/IPAM/STIG Manager/Syslog/IDS/IPS/SIEM/SOAR), using Dockerized…
Run 150+ AI apps via inference.sh CLI (infsh) — image generation, video creation, LLMs, search, 3D, social automation. Uses the terminal tool.
Cross-platform cloud storage path resolution — OneDrive, iCloud, Dropbox path discovery and normalization
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing,
Maps NIST controls to FedRAMP requirements and documents. Use when helping with control implementation, compliance mapping, security baseline alignment, or understanding control…
AI public finance inspector. Simulates a complete DGFIP tax audit on the accounts of a French company (SASU, EURL, SAS, SARL).
Build, review, or improve Core Data persistence in apps that have not adopted SwiftData. Use when working with NSManagedObject subclasses, NSFetchedResultsController for…
Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,
Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify
Garnish — Craft CMS's built-in JavaScript UI toolkit for the control panel. Covers the full Garnish surface: class system (Garnish.Base.extend, init, setSettings, addListener,…
Create a new packet analyzer for Minecraft Bedrock logs. Generates template code, provides documentation links, and guides testing workflow.
Setup observability platform configuration (Datadog, Prometheus, Splunk) with REQ-* dashboards and alerts. Creates monitors for each requirement with SLA tracking.
Expert guidance for creating Claude Code slash commands. Use when working with slash commands, creating custom commands, understanding command structure, or learning YAML…
Expert guidance for creating, building, and using Claude Code subagents and the Task tool. Use when working with subagents, setting up agent configurations, understanding how…
Create and manage TMDD threat models grounded in actual codebase architecture. Use when the user wants to threat-model a system, add a feature, create security threat mappings,…
Use when designing or implementing a custom logging framework in Apex: log sObject schema, log level gating, retention policies, batch purge jobs, and forwarding logs to external…
Extracts critical parameters from technical datasheets of electronic components and microcontrollers, and summarizes them in accessible natural language for students.
Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier
Detects arbitrary read vulnerabilities by identifying unchecked array indexing and out-of-bounds memory access.
Detects arbitrary write vulnerabilities by identifying unchecked array indexing and out-of-bounds memory writes.
Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition, Wonderware) that sit at the IT/OT
Detects and analyzes Bluetooth Low Energy (BLE) security attacks including sniffing, replay attacks, GATT enumeration
Detects stack and heap buffer overflow vulnerabilities in binary code by identifying unsafe memory operations.
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors,
Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing
Detects OS command injection vulnerabilities by identifying unsafe system/popen/exec calls with user-controlled input.
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible
Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack
Detects double free vulnerabilities by identifying attempts to free the same memory block twice. Use when analyzing memory management, cleanup paths, or investigating heap…
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications
Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files
Detects format string vulnerabilities by identifying unsafe printf family function calls with user-controlled format strings.
Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17),
Detects information disclosure vulnerabilities including sensitive data in logs, error message exposure, and memory leaks.
Detects various injection vulnerabilities including SQL injection, LDAP injection, XPath injection, and code injection.
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads,
Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate
Detects integer overflow and underflow vulnerabilities in arithmetic operations used for buffer sizing or allocation.
Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with
Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,
Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process