Auditd

Auditd taxonomy generated by the site skill importer.

4 skills
detecting-container-escape-attempts

by mukul975

detecting-container-escape-attempts helps investigate, detect, and triage container escape signals in Docker and Kubernetes. Use this detecting-container-escape-attempts guide for incident triage, escape vectors, alert interpretation, and response workflows based on Falco, Sysdig, auditd, and container inspection evidence.

Incident Triage
analyzing-persistence-mechanisms-in-linux

by mukul975

The analyzing-persistence-mechanisms-in-linux skill helps investigate Linux persistence after compromise, including crontab jobs, systemd units, LD_PRELOAD abuse, shell profile changes, and SSH authorized_keys backdoors. It is designed for incident response, threat hunting, and security audit workflows with auditd and file-integrity checks.

Security Audit
analyzing-linux-system-artifacts

by mukul975

analyzing-linux-system-artifacts helps investigate Linux hosts for compromise by reviewing auth logs, shell history, cron jobs, systemd services, SSH keys, and other persistence points. Use this analyzing-linux-system-artifacts guide for security audit, incident response, and forensic triage. It includes practical install and usage guidance.

Security Audit
analyzing-linux-audit-logs-for-intrusion

by mukul975

analyzing-linux-audit-logs-for-intrusion is a Linux incident-response skill for auditd review, helping you find suspicious logins, privilege escalation, file tampering, and host intrusion evidence with ausearch, aureport, and auditctl.

Incident Triage