Loading...
Loading...
Found 8 Skills
Analyze network traffic captures and artifacts for forensic investigation. Use when investigating data exfiltration, command and control communications, lateral movement, or network-based attacks. Supports PCAP, PCAPNG, and NetFlow analysis.
Digital forensics tools for file carving, steganography detection, PCAP analysis, and entropy scanning in CTF challenges. Trigger: When analyzing files, steganography, PCAP traffic, or hidden data.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for packet capture analysis, session reconstruction, application-protocol decoding, stream reassembly, beacon timing, and packet-to-process correlation. Use when the user asks to analyze a PCAP, rebuild TCP or UDP sessions, decode HTTP, WebSocket, DNS, custom C2, or binary protocols, extract transferred artifacts, or tie packet sequences to host or malware behavior. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Embedded network debugging tool used for interface discovery, packet capture, pcap/pcapng analysis, connectivity testing, port scanning, and traffic statistics. It is automatically triggered when users mention network protocol debugging terms such as Wireshark, tshark, Npcap, packet capture, network joint debugging, port scanning, connectivity troubleshooting, pcap analysis, network interface, ping test, traceroute, traffic statistics, Modbus TCP, EtherNet/IP, etc. It also supports explicit invocation via /net. Even if users only say "capture a packet", "scan ports", "check network connectivity" or "analyze this pcap", this skill should be triggered as long as the context involves network communication debugging.
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "dete...
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify C2 protocols, data exfiltration channels, payload downloads, and lateral movement patterns using Wireshark, Zeek, and Suricata. Activates for requests involving malware network analysis, C2 traffic decoding, malware PCAP analysis, or network-based malware detection.
Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files
IoT network traffic analyzer for detecting IoT protocols and identifying security vulnerabilities in network communications. Use when you need to analyze network traffic, identify IoT protocols, or assess network security of IoT devices.