// runnable playbook

supply chain compromise

package compromise, build-system intrusion, signed-update poisoning. needs SBOM + dependency + build artifact analysis.

a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.

// based on the curated pipeline

wraps the supply chain — binary triage preset — drop suspect binaries → YARA → PE header → compiler ID → similarity → DNA hash → IOC extract → report

methodology guide →worked example →full tool list + 11 more pipelines →

guided steps

0/8 done

01
evidence manifest generator
hash every binary before static analysis
open tool →methodology
your note (local only)
02
yara rule tester
run YARA rules against the suspect file set
open tool →methodology
your note (local only)
03
PE header in-memory anomaly detector
PE header anomalies that suggest packing or tampering
open tool →methodology
your note (local only)
04
binary compiler and language identifier
compiler / toolchain fingerprint from binary artifacts
open tool →methodology
your note (local only)
05
binary structural similarity scorer
similarity scoring across the input binary set
open tool →methodology
your note (local only)
06
file dna structural fingerprinter
structural DNA hash for cross-sample correlation
open tool →methodology
your note (local only)
07
ioc extractor
pull URLs, domains, and IPs from embedded strings
suggested options · format: json · aggregate: true
open tool →methodology
your note (local only)
08
case report generator
draft a report linking binary similarities to the compromise hypothesis
suggested options · title: supply chain — binary triage
open tool →methodology
your note (local only)

when you're done

export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.