Found 8 Skills
Digital forensics and blockchain analysis for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, or cryptocurrency transactions.
Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.
Analyzes volatile memory dumps to detect malware, rootkits, and security breaches in digital forensics.
Default entrypoint and master ctf-sandbox-orchestrator workflow for CTF, exploit, reverse engineering, DFIR, pwnable, crypto, stego, mobile, AI-agent, cloud, container, Active Directory, Windows-host, and identity challenges. Use first when the user presents challenge infrastructure, binaries, prompts, hosts, or identities that should be treated as sandbox-internal by default and Codex needs to choose, route, and load the right downstream analysis path with concise evidence.
This skill should be used when the user asks for markup detection, detect manipulation, image tampering, deepfake detection, document integrity, hidden markup, metadata forensics, EXIF analysis, content authenticity, synthetic media, altered image, C2PA, or provenance verification across documents, images, and video. Guides workflow-level assessment of visual tampering indicators (splicing, cloning, inconsistent lighting or shadows, compression artifacts), metadata and provenance checks (EXIF, hashes, source chain), document revision and hidden markup (tracked changes, comments, invisible text), synthetic-media and deepfake red flags, watermarking and content-credentials concepts, and structured reporting with confidence levels and explicit limitations—not training detection models (ml-research-engineer-safeguards), cryptographic watermark design (cryptographer-specialist), full digital forensics lab attribution or legal conclusions, or blockchain-only tracing unless the user scopes on-chain context.
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.
Analyze Windows Registry hives for forensic investigation. Use when investigating malware persistence, user activity, system configuration changes, or evidence of program execution. Supports offline registry analysis from disk images or extracted hives.