collecting-volatile-evidence-from-compromised-host

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill captures and exports extensive sensitive system information, including physical memory images (via WinPmem or LiME), environment variables, and Windows registry persistence keys (e.g., Run hives). These artifacts commonly contain plaintext secrets, session tokens, and sensitive configuration data.
  • [COMMAND_EXECUTION]: Automated Python scripts (scripts/agent.py, scripts/process.py) use the subprocess module to execute system utilities that gather network state, routing tables, and process hierarchies on both Windows and Linux.
  • [COMMAND_EXECUTION]: The collection process involves operations that require elevated administrative or root privileges, such as loading kernel modules for memory extraction (insmod), querying service states (sc queryex), and exporting protected registry hives.
  • [DATA_EXFILTRATION]: Accesses protected system logs such as /var/log/auth.log on Linux systems and captures detailed process command lines, which may expose sensitive information passed as arguments.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 10:04 AM