Linux

Linux skills and workflows surfaced by the site skill importer.

29 skills
terminal-ops

by affaan-m

terminal-ops is an evidence-first repo execution skill for terminal work. Use it to run commands, inspect git state, debug CI or builds, and make narrow fixes with proof of what changed and what was verified. This terminal-ops guide helps reduce guesswork for Code Editing and repo operations.

Code Editing
Favorites 0 | GitHub 156.3k
detecting-rootkit-activity

by mukul975

detecting-rootkit-activity is a Malware Analysis skill for finding rootkit indicators such as hidden processes, hooked system calls, altered kernel structures, hidden modules, and covert network artifacts. It uses cross-view comparison and integrity checks to help validate suspicious hosts when standard tools disagree.

Malware Analysis
Favorites 0 | GitHub 6.2k
configuring-host-based-intrusion-detection

by mukul975

configuring-host-based-intrusion-detection is a guide for setting up HIDS with Wazuh, OSSEC, or AIDE to monitor file integrity, system changes, and compliance-focused endpoint security in Security Audit workflows.

Security Audit
Favorites 0 | GitHub 6.1k
burpsuite-project-parser

by trailofbits

burpsuite-project-parser searches and extracts data from Burp Suite project files (.burp) using Burp Suite Professional and the burpsuite-project-file-parser extension. Use it for security audit findings, proxy history, site map entries, and regex searches across captured HTTP traffic.

Security Audit
Favorites 0 | GitHub 5k
using-tmux-for-interactive-commands

by obra

The using-tmux-for-interactive-commands skill helps you run interactive CLI tools in detached tmux sessions. Use it for editors, REPLs, git rebase -i, and other terminal apps that need real-time input/output. It is a practical guide for Workflow Automation when you need start, send, capture, and stop control.

Workflow Automation
Favorites 0 | GitHub 329
windows-vm

by obra

Use the windows-vm skill to create, manage, and SSH into a headless Windows 11 VM in Docker with KVM acceleration. It fits desktop automation, Windows app setup, and repeatable agent workflows when you need a real Windows environment without manual RDP.

Desktop Automation
Favorites 0 | GitHub 323
openclaw-secure-linux-cloud

by xixu-me

openclaw-secure-linux-cloud helps you install and use OpenClaw securely on a Linux cloud host with a private-first setup, loopback binding, SSH tunneling, Tailscale or reverse proxy tradeoffs, and tight defaults for Podman, token auth, pairing, sandboxing, and tool permissions.

Cloud Architecture
Favorites 0 | GitHub 6
secure-linux-web-hosting

by xixu-me

secure-linux-web-hosting helps safely set up or review Linux web hosting with distro-aware routing, SSH hardening, firewall changes, Nginx static or reverse-proxy setup, HTTPS issuance, and validation-first sequencing for Deployment work.

Deployment
Favorites 0 | GitHub 6
pylabrobot

by K-Dense-AI

pylabrobot is a hardware-agnostic Python framework for lab automation. Use the pylabrobot skill to control liquid handlers, plate readers, pumps, incubators, and centrifuges, manage deck layouts, and simulate protocols before execution. Good for multi-vendor workflows and reproducible automation.

Workflow Automation
Favorites 0 | GitHub 0
configuring-snort-ids-for-intrusion-detection

by mukul975

configuring-snort-ids-for-intrusion-detection is a skill for installing, configuring, validating, and tuning Snort 3 IDS on authorized network segments. It includes practical usage, rule loading, CLI checks, false-positive reduction, and Security Audit workflows.

Security Audit
Favorites 0 | GitHub 0
eradicating-malware-from-infected-systems

by mukul975

eradicating-malware-from-infected-systems is a cybersecurity incident response skill for removing malware, backdoors, and persistence mechanisms after containment. It includes workflow guidance, reference files, and scripts for Windows and Linux cleanup, credential rotation, root-cause remediation, and validation.

Incident Response
Favorites 0 | GitHub 0
detecting-privilege-escalation-attempts

by mukul975

detecting-privilege-escalation-attempts helps hunt privilege escalation on Windows and Linux, including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse. Built for threat hunting teams that need a practical workflow, reference queries, and helper scripts.

Threat Hunting
Favorites 0 | GitHub 0
detecting-port-scanning-with-fail2ban

by mukul975

detecting-port-scanning-with-fail2ban helps configure Fail2ban to detect port scans, SSH brute force attempts, and reconnaissance, then ban suspicious IPs and alert security teams. This skill fits hardening and Security Audit workflows, with practical guidance for logs, jails, filters, and safe tuning.

Security Audit
Favorites 0 | GitHub 0
analyzing-memory-dumps-with-volatility

by mukul975

analyzing-memory-dumps-with-volatility is a Volatility 3 skill for memory forensics, malware triage, hidden processes, injection, network activity, and credentials in RAM dumps on Windows, Linux, or macOS. Use it when you need a repeatable analyzing-memory-dumps-with-volatility guide for incident response and malware analysis.

Malware Analysis
Favorites 0 | GitHub 0
analyzing-linux-kernel-rootkits

by mukul975

analyzing-linux-kernel-rootkits helps DFIR and threat-hunting workflows detect Linux kernel rootkits with Volatility 3 cross-view checks, rkhunter scans, and /proc vs /sys analysis for hidden modules, hooked syscalls, and tampered kernel structures. It is a practical analyzing-linux-kernel-rootkits guide for forensic triage.

Digital Forensics
Favorites 0 | GitHub 0
analyzing-linux-elf-malware

by mukul975

analyzing-linux-elf-malware helps analyze suspicious Linux ELF binaries for malware analysis, with guidance for architecture checks, strings, imports, static triage, and early indicators of botnets, miners, rootkits, ransomware, and container threats.

Malware Analysis
Favorites 0 | GitHub 0
detecting-container-escape-attempts

by mukul975

detecting-container-escape-attempts helps investigate, detect, and triage container escape signals in Docker and Kubernetes. Use this detecting-container-escape-attempts guide for incident triage, escape vectors, alert interpretation, and response workflows based on Falco, Sysdig, auditd, and container inspection evidence.

Incident Triage
Favorites 0 | GitHub 0
deploying-osquery-for-endpoint-monitoring

by mukul975

deploying-osquery-for-endpoint-monitoring is a guide for deploying and configuring osquery for endpoint visibility, fleet-wide monitoring, and SQL-driven threat hunting. Use it to plan installation, read the workflow and API references, and operationalize scheduled queries, log collection, and centralized review across Windows, macOS, and Linux endpoints.

Monitoring
Favorites 0 | GitHub 0
deploying-edr-agent-with-crowdstrike

by mukul975

deploying-edr-agent-with-crowdstrike helps plan, install, and verify CrowdStrike Falcon sensor rollout across Windows, macOS, and Linux endpoints. Use this deploying-edr-agent-with-crowdstrike skill for install guidance, policy setup, telemetry-to-SIEM integration, and Incident Response readiness.

Incident Response
Favorites 0 | GitHub 0
building-c2-infrastructure-with-sliver-framework

by mukul975

building-c2-infrastructure-with-sliver-framework helps authorized red team and Security Audit work plan, install, and use Sliver-based C2 infrastructure with redirectors, HTTPS listeners, operator access, and resilience checks. It includes a practical guide, workflow files, and repo scripts for deployment and validation.

Security Audit
Favorites 0 | GitHub 0
analyzing-persistence-mechanisms-in-linux

by mukul975

The analyzing-persistence-mechanisms-in-linux skill helps investigate Linux persistence after compromise, including crontab jobs, systemd units, LD_PRELOAD abuse, shell profile changes, and SSH authorized_keys backdoors. It is designed for incident response, threat hunting, and security audit workflows with auditd and file-integrity checks.

Security Audit
Favorites 0 | GitHub 0
analyzing-linux-system-artifacts

by mukul975

analyzing-linux-system-artifacts helps investigate Linux hosts for compromise by reviewing auth logs, shell history, cron jobs, systemd services, SSH keys, and other persistence points. Use this analyzing-linux-system-artifacts guide for Security Audit, incident response, and forensic triage. It includes practical install and usage guidance.

Security Audit
Favorites 0 | GitHub 0
analyzing-linux-audit-logs-for-intrusion

by mukul975

analyzing-linux-audit-logs-for-intrusion is a Linux incident-response skill for auditd review, helping you find suspicious logins, privilege escalation, file tampering, and host intrusion evidence with ausearch, aureport, and auditctl.

Incident Triage
Favorites 0 | GitHub 0
analyzing-docker-container-forensics

by mukul975

analyzing-docker-container-forensics helps investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and preserve evidence. Use this analyzing-docker-container-forensics skill for a Security Audit, incident review, or container hardening assessment.

Security Audit
Favorites 0 | GitHub 0