Data Exfiltrator

What it does

The data-exfiltrator skill identifies and extracts data from various sources, including files, databases, and network streams. It can then format this extracted data into a structured report or transmit it to a designated destination for further analysis or action. This capability is designed to aid in security investigations and incident response scenarios by quickly gathering relevant information.

When to use it

• Incident Response: Quickly extract logs and system files from a compromised host to analyze the attack vector.
• Data Discovery: Identify sensitive data stored within a database or file share that may be at risk.
• Forensic Analysis: Gather evidence from network traffic captures to reconstruct events leading up to an incident.
• Security Audits: Extract configuration files and user lists from systems for compliance verification.

Key capabilities

• Data extraction from various sources (files, databases, network streams)
• Structured data reporting
• Data transmission to designated destinations

Example prompts

• "Extract all log entries related to user 'john.doe' from the /var/log/auth.log file."
• "Retrieve all customer records containing credit card information from the database named 'customer_data'."
• "Capture and report on network traffic between IP address 192.168.1.100 and external server for the last 5 minutes."

Tips & gotchas

The skill's effectiveness depends heavily on providing accurate source information (file paths, database credentials, network addresses). Ensure proper permissions are granted to the AI agent before execution to avoid access errors.