Summary
This is a comprehensive IR playbook that walks you through the full incident lifecycle, from scoping and evidence collection through containment and reporting. It's built around Volatility 3, Plaso, and modern log analysis tools like Chainsaw and Hayabusa. The memory forensics section is genuinely useful, covering process injection detection, rootkit hunting, and credential extraction with specific commands you can run. What I appreciate is the practical timeline analysis workflow and the structured IOC extraction guidance. The reporting template alone saves hours when you're writing up findings at 2am. If you're doing incident response work, this gives you a solid procedural framework with the actual commands instead of just theory.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill incident-response --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
