From 25b3f278e6f906aa56cac21c8e070258f3a13c7a Mon Sep 17 00:00:00 2001 From: FeelTheFonk Date: Thu, 19 Feb 2026 15:25:33 +0100 Subject: [PATCH] fix: remove CLAUDE.md from repo tracking (dev-only file) --- .gitignore | 1 + CLAUDE.md | 52 ---------------------------------------------------- 2 files changed, 1 insertion(+), 52 deletions(-) delete mode 100644 CLAUDE.md diff --git a/.gitignore b/.gitignore index 7c41557..afd900e 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,7 @@ # Claude Code local settings (machine-specific) .claude/ +CLAUDE.md # Artifacts & Staging (never commit operational artifacts) *.log diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 100644 index 35a297f..0000000 --- a/CLAUDE.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# CLAUDE.md - -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## Commands - -### Lint (local) -```powershell -Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning -Settings ./PSScriptAnalyzerSettings.psd1 -``` -Zero errors and zero warnings are required. `PSAvoidUsingWriteHost` and `PSAvoidUsingPositionalParameters` are intentionally suppressed via `PSScriptAnalyzerSettings.psd1` (uses `ExcludeRules` format). - -### Syntax validation (local) -```powershell -Get-ChildItem -Path . -Filter *.ps1 -Recurse | ForEach-Object { - $err = $null - [System.Management.Automation.PSParser]::Tokenize((Get-Content $_.FullName -Raw), [ref]$err) | Out-Null - if ($err) { Write-Error "Syntax error in $($_.Name)" } -} -``` - -## Architecture - -The project is a three-phase PowerShell suite targeting Windows 11 24H2. Each phase corresponds to one numbered script. - -``` -Normal Mode (Admin) Safe Mode (Networking) Normal Mode (Post-Op) -1_prepare_safemode.ps1 → 2_kill_defender.ps1 → 3_verify_status.ps1 -- Privilege check (auto-run via RunOnce*) - Log audit -- Restore point - Token escalation - Process scan -- Payload staging - Registry ACL takeover - Service registry check -- RunOnce* injection - Service disable (11x) -- BCD safeboot set - Task disable -- Forced reboot - GPO injection (10 vals) - - BCD safeboot removed - - Forced reboot -``` - -**Phase 2 auto-execution mechanism:** Phase 1 writes the payload path into `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce` under the key `*killSlop_Payload` (the `*` prefix forces execution in Safe Mode) and sets `bcdedit /set "{current}" safeboot network`. - -**Privilege escalation in Phase 2:** An inline C# `TokenManipulator` class is compiled at runtime via `Add-Type` to call `advapi32.dll` directly and enable `SeTakeOwnershipPrivilege`/`SeRestorePrivilege` on the process token. 
- -**Staging directory:** `C:\DefenderKill\` — contains the staged payload, the structured log `killSlop_log.txt`, and the raw PowerShell transcript `killSlop_transcript.txt`. - -## Commit conventions - -Semantic versioning is automated via GitHub Actions (`release.yml`) based on commit message prefixes: -- `fix:` → patch bump -- `feat:` → minor bump -- `BREAKING:` → major bump - -Releases are only cut from `main`. The `dev` branch is for development; open PRs to `main` to trigger a release.
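Review bot: In the `.gitignore` hunk the new `CLAUDE.md` entry is placed directly under the `# Claude Code local settings (machine-specific)` comment, while the commit message describes the file as dev-only rather than machine-specific; either widen that comment (for example `# Claude Code local settings and dev-only notes`) or give the entry its own one-line comment so the next reader knows why a Markdown file is ignored alongside the `.claude/` directory.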
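Review bot: The `CLAUDE.md` deletion hunk also drops content that is project-wide contributor documentation rather than a local setting: the lint and syntax-validation commands, the rationale for excluding `PSAvoidUsingWriteHost` and `PSAvoidUsingPositionalParameters` via `PSScriptAnalyzerSettings.psd1`, and the `fix:`/`feat:`/`BREAKING:` commit-prefix conventions that drive `release.yml`; consider moving those sections into a README or CONTRIBUTING file before removing this one. Note as well that deleting and ignoring the file only stops future tracking; the removed content remains reachable in history at blob `35a297f`, so if the intent is that it never be published, this commit alone does not achieve that and a history rewrite would be required.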