Skip to content

Releases: gl0bal01/intel-codex

Intel Codex - v2.0.0

27 Apr 21:11
@gl0bal01 gl0bal01
v2.0.0
4887fb1

Choose a tag to compare

View all tags
Intel Codex - v2.0.0 Latest
Latest

🧠 Intel Codex (v2.0.0)

Intel Codex is an operational manual for digital investigators, security analysts, OSINT practitioners, and CTF players, maintained as an Obsidian vault with mirrored Docusaurus publication.

📊 By the Numbers

41 SOPs (up from ~30 at v1.0.0) | 20 Investigation Guides | 21 Security Procedures | 9 CTF Resources

Domain v1.0.0 v2.0.0 Delta
Investigations / Platforms 7 8 +discord
Investigations / Techniques 9 12 +darkweb-investigation, blockchain-investigation, mixer-tracing
Security / Analysis 6 10 +smart-contract-audit, cloud-forensics, saas-log-forensics, email-bec-forensics
Security / Pentesting 8 11 +cloud-pentest, wireless-rf-pentest, container-k8s-pentest

🔍 What's New Since v1.0.0

11 new SOPs added across four buildout cycles:

Investigations / Platforms

  • sop-platform-discord — server / channel / bot investigation, snowflake-ID timestamp extraction, DiscordChatExporter ToS framing, webhook discovery, voice-channel surveillance discipline, sensitive-crime hard stop

Investigations / Techniques

  • sop-darkweb-investigation — Tor / I2P navigation, hidden-service enumeration, marketplace OSINT, vendor PGP pivots, ransomware leak-site tracking
  • sop-blockchain-investigation — multi-chain tracing, address clustering, bridge read-flow tracing, sanctions integration, court-admissibility (Sterlingov framework)
  • sop-mixer-tracing — CoinJoin clustering attacks, Tornado Cash on-chain heuristics, cross-chain bridge obfuscation, privacy-coin research limits, regulatory event timeline

Security / Analysis

  • sop-smart-contract-audit — audit lifecycle, SWC registry, vulnerability classes (reentrancy / oracle / MEV / upgrade / governance), tooling (Slither / Echidna / Foundry / Halmos), formal verification
  • sop-cloud-forensics — IaaS-plane forensics across AWS / Azure / GCP: control-plane log collection, IAM principal-action reconstruction, region-sweep, log-tampering detection, container-runtime artifacts
  • sop-saas-log-forensics — SaaS-tenant identity / collaboration plane: M365 UAL + Purview, Workspace Reports + Vault, Okta System Log + ITP, Slack Audit + Discovery, Salesforce Setup Audit Trail, GitHub / GitLab audit, OAuth consent-grant abuse
  • sop-email-bec-forensics — header forensics, SPF / DKIM / DMARC / ARC mechanics, lookalike-domain detection, M365 / Workspace message-trace, secure-email-gateway forensics, wire-recall pathway, BEC scenario taxonomy

Security / Pentesting

  • sop-cloud-pentest — AWS / Azure / GCP offensive: IAM enumeration, federated-trust abuse, metadata-service exploitation, Workload Identity bridges, with §12 SaaS Collaboration Plane (M365 / Workspace / Slack / Salesforce / GitHub offensive)
  • sop-wireless-rf-pentest — Wi-Fi / Bluetooth / Zigbee / Matter / SDR / NFC authorized testing
  • sop-container-k8s-pentest — pod escapes, RBAC abuse, admission-controller bypass, Workload Identity → Cloud bridge, runtime CVE landscape (Leaky Vessels), supply-chain & persistence

🛠️ New Tooling Layer (.omc/)

  • tools/build-vault-state.sh — generates .omc/vault-state.md (SOP inventory + per-folder counts) from filesystem
  • tools/check-vault.sh — vault hygiene linter: front-matter updated: field, Legal & Ethics cross-reference presence, [verify YYYY-MM-DD] marker freshness (180-day staleness gate), wikilink-target resolution, vault-state count parity
  • .omc/watchlist.md — manually-authored field-evolution rotation tiers (Fast / Medium / Slow) by SOP, used to schedule periodic refresh passes
  • .omc/gaps.md — capability-gap registry (no auto-promotion; SOP additions require explicit user decision)
  • .omc/refresh-log.md — change-history journal for periodic audit and production-readiness passes

📐 Structural & Quality Improvements

  • Forensics relocationsop-forensics-investigation.md moved from Security/Pentesting/ to Security/Analysis/ (defensive scope match)
  • Phase-3 refactorsop-financial-aml-osint §5 Cryptocurrency Tracing trimmed from ~100 lines to ~30 lines (analyst quick-reference); deep tracing methodology now lives in dedicated sop-blockchain-investigation and sop-mixer-tracing
  • Production-readiness pass on every Security SOP — fixed inaccuracies (deprecated tool renames, modern Suricata syntax, packed-sample handling, modern EDR / AV evasion techniques, HTA / disk-image analysis), removed [inferred] markers in favor of grounded references
  • Cross-link contract enforcement — every wikilink now resolves to a live file; (planned) sop-... reference graph is empty
  • Production-readiness pass on Telegram SOP — added top blockquote, Table of Contents, Telegram-ID structure note, and Legal & Ethical Considerations block; cross-links to legal-ethics + opsec-plan + sensitive-crime-escalation
  • CLAUDE.md anchor — project conventions, authoring rules, and folder-placement guidance consolidated; SOP inventory + counts + watchlist + gaps moved out of CLAUDE.md into the new generated .omc/vault-state.md (regenerable, lintable)

🔧 Build & Publishing

  • GitHub Actions workflow added (.github/workflows/mirror.yml) to mirror main to Codeberg
  • Docusaurus site compatibility verified — MDX-unsafe brace expressions fixed across the vault ({customDestinations,...}, {names}, {{date}}); future builds gate on tools/check-vault.sh lint clean

🎯 Compatibility

  • Obsidian v1.0+ — vault is the source of truth; uses Wikilinks, Dataview (one file only: Investigations-Index.md), and YAML front matter
  • Docusaurus — mirrored via an out-of-tree vault-sync plugin; index.md = Docusaurus landing, README.md = Obsidian / GitHub landing (kept in sync; counts verified by tools/check-vault.sh)
  • GitHub — README renders cleanly on the repository page; Cases content uses Markdown relative paths (Cases is outside the Docusaurus sync scope)

📚 Documentation

  • README.md — Obsidian / GitHub landing page with section map, learning paths, and quick start
  • index.md — Docusaurus landing page (mirror of README content with Docusaurus-specific link forms)
  • CLAUDE.md — authoring conventions and folder-placement rules
  • Cases/Investigation-Workflow.md — visual end-to-end investigation flow
  • Cases/Glossary.md — 100+ OSINT terms defined
  • Cases/2025-001-Example-Investigation/ — complete crypto-scammer investigation walkthrough

⚖️ License

Licensed under the MIT License. Educational and authorized investigative use only — review Investigations/Techniques/sop-legal-ethics.md before any engagement.

Full Changelog: v1.0.0...v2.0.0

Assets 2
Loading

Intel Codex - v1.0.0

21 Oct 19:53
@gl0bal01 gl0bal01
v1.0.0
127270b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Intel Codex - v1.0.0

🧠 Intel Codex (v1.0.0)

Intel Codex is an operational manual for digital investigators, security analysts, and OSINT practitioners, designed for integration within Obsidian vaults and markdown-based systems.

🔍 Overview

This release introduces the Obsidian Edition of Intel Codex — a modular intelligence framework providing:

  • Standard Operating Procedures (SOPs) for digital investigations & security assessments
  • Platform-specific OSINT & COMINT collection guides
  • Practical case studies demonstrating real-world application
  • Malware analysis and penetration testing workflows
  • Legal, ethical, and OPSEC frameworks
  • Obsidian YAML metadata structure for clean indexing
Loading