mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
# API Reference: Memory Forensics with Volatility 3
|
||||
|
||||
## Volatility 3 CLI
|
||||
|
||||
| Plugin | Description |
|
||||
|--------|-------------|
|
||||
| `windows.info` | OS version, kernel base, system time |
|
||||
| `windows.pslist` | List processes via EPROCESS linked list |
|
||||
| `windows.pstree` | Process tree with parent-child relationships |
|
||||
| `windows.psscan` | Pool scan for processes (finds hidden) |
|
||||
| `windows.malfind` | Detect injected code in process memory |
|
||||
| `windows.netscan` | Active network connections and listening ports |
|
||||
| `windows.cmdline` | Command line arguments for all processes |
|
||||
| `windows.dlllist` | DLLs loaded per process |
|
||||
| `windows.hashdump` | Extract cached NTLM password hashes |
|
||||
| `windows.lsadump` | LSA secrets from memory |
|
||||
| `windows.svcscan` | Windows services enumeration |
|
||||
| `windows.modules` | Loaded kernel modules |
|
||||
| `windows.modscan` | Pool scan for kernel modules (finds hidden) |
|
||||
| `windows.registry.hivelist` | List registry hives in memory |
|
||||
| `windows.registry.printkey` | Print specific registry key values |
|
||||
| `yarascan` | Scan memory with YARA rules |
|
||||
| `windows.memmap` | Dump process memory to disk |
|
||||
|
||||
## Common Flags
|
||||
|
||||
| Flag | Description |
|
||||
|------|-------------|
|
||||
| `-f <file>` | Memory dump file path |
|
||||
| `--pid <pid>` | Filter by process ID |
|
||||
| `--dump` | Dump matched content to files |
|
||||
| `-o <dir>` | Output directory for dumps |
|
||||
| `--yara-file <file>` | YARA rules file for scanning |
|
||||
|
||||
## Python Libraries
|
||||
|
||||
| Library | Version | Purpose |
|
||||
|---------|---------|---------|
|
||||
| `subprocess` | stdlib | Execute Volatility 3 CLI commands |
|
||||
| `re` | stdlib | Parse plugin output |
|
||||
|
||||
## References
|
||||
|
||||
- Volatility 3: https://github.com/volatilityfoundation/volatility3
|
||||
- Symbol tables: https://downloads.volatilityfoundation.org/volatility3/symbols/
|
||||
- LiME: https://github.com/504ensicsLabs/LiME
|
||||
- MemProcFS: https://github.com/ufrisk/MemProcFS
|
||||
Reference in New Issue
Block a user