Skill UI

A comprehensive, step-by-step guide for security professionals to perform deep-dive malware analysis. It covers methodologies for static analysis (disassemblers, imports), dynamic execution (sandboxing, monitoring), identifying Indicators of Compromise (IOCs), and structuring professional threat reports. Essential for incident response and threat intelligence.

This comprehensive guide provides techniques for acquiring, analyzing, and extracting artifacts from memory dumps. It covers best practices for digital forensics, crucial for incident response and malware analysis. Users learn how to use industry-standard tools like Volatility 3 on Windows, Linux, and macOS, including process, network, and registry deep dives.

This specialized skill guides users through a structured, forensic investigation process when facing sudden, significant drops in organic traffic or search rankings. It is designed for incident scenarios—such as suspected penalties, Core Updates, major technical regressions, or unexplained traffic crashes—providing a systematic approach to triage, root-cause analysis, and developing a prioritized recovery plan.

A forensic tool for performing post-mortem analysis on AI-assisted coding sessions. It goes beyond simply stating what was done, determining *why* work deviated (e.g., spec ambiguity, repo friction, agent error), identifying scope creep, and classifying rework patterns. It provides evidence-backed recommendations to improve prompts, codebase health, and future development workflows.

This comprehensive guide details the professional workflow for performing digital forensic analysis on disk images using Autopsy and The Sleuth Kit. It covers environment setup, data source ingestion, recovering deleted files, extracting critical metadata (EXIF, MFT timestamps), and performing advanced keyword searches to build a complete investigative timeline and detailed case report.

A comprehensive guide and workflow for digital forensics investigators to analyze raw email headers. This tool helps trace the true origin of suspicious emails, verify sender authenticity, and detect advanced spoofing techniques by validating crucial protocols like SPF, DKIM, and DMARC. It covers everything from header parsing to domain infrastructure analysis and IP reputation checks.

This guide details the comprehensive process of using the Linux Audit framework (auditd) to detect advanced security threats. It covers deploying specific rules to monitor critical system files, detecting unauthorized privilege escalation, process injection, and suspicious system calls. Users can then leverage ausearch and aureport to efficiently query, reconstruct timelines, and summarize findings for forensic analysis and compliance auditing.

This skill provides a comprehensive method for detecting kernel-level rootkits on Linux systems. It leverages memory forensics using Volatility3 on physical memory dumps, combined with cross-view analysis (comparing /proc vs /sys) and live system scanning (rkhunter). Techniques include identifying hooked syscall tables, discovering hidden kernel modules, and detecting tampered system structures.

Comprehensive digital forensic analysis guide for Linux systems. It covers the collection and examination of critical artifacts such as authentication logs, shell histories, user configurations, system files (passwd, shadow), and persistence mechanisms to effectively detect security compromises, unauthorized access, and malicious activity.

This skill details the forensic analysis of Windows LNK shortcut files and Jump Lists. It enables investigators to reconstruct user activity, track file access, and determine program execution history by parsing critical metadata like timestamps, paths, and system identifiers, even when the original artifacts are deleted.

A comprehensive cybersecurity tool designed to analyze malicious VBA and XLM macros embedded within Microsoft Office documents (Word, Excel, PowerPoint). It facilitates deep forensic investigation by extracting, deobfuscating, and tracing the full attack chain, including identifying auto-execution triggers, payload download URLs, and file writing techniques. Useful for malware analysts investigating phishing campaigns and maldocs.

This guide details the process of performing static analysis on potentially malicious PDF documents. It utilizes advanced tools like peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects. Use this method when triaging suspicious attachments from phishing emails or conducting deep forensic examination of weaponized document artifacts to generate actionable Indicators of Compromise (IOCs).