SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.
/plugin marketplace add AgentSecOps/SecOpsAgentKit/plugin install appsec-skills@agent-sec-ops-kit-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/forensic-packs/credential-access.confassets/forensic-packs/ir-triage.confassets/forensic-packs/lateral-movement.confassets/forensic-packs/persistence-hunt.confassets/osquery.confreferences/mitre-attack-queries.mdreferences/osqueryd-deployment.mdreferences/platform-differences.mdreferences/table-guide.mdBuild robust backtesting systems for trading strategies with proper handling of look-ahead bias, survivorship bias, and transaction costs. Use when developing trading algorithms, validating strategies, or building backtesting infrastructure.