Claude Sonnet 4.6
3062e435ca
chore: Full consistency scan — AOC->PULSAR, fix training-data claims, fix 90% claim
AOC -> PULSAR across 10 files (engagement-model, retained-capability,
modular-engagements, blue-purple-team-foundation, about-cqre, about-cqre-cs,
consultant-field-guide, ai-assisted-tvm, m365-e3-hardening,
sovereign-tool-stack, risk-register-example).
Training-data framing corrected in:
- executive-summary.md: opening paragraph and risk table
- README.md: 90% solution claim -> 30-60% in 180 days
- modular-engagements.md: public API data use claim
- cis-controls-mapping.md: data protection framing
- antifragile-risk-register.md: risk entry softened to accurate framing
- azure-openai-sovereignty-bridge.md: consumer vs enterprise API distinction
Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
2026-06-05 07:05:13 +00:00
Claude Sonnet 4.6
48f891db36
feat: Fix review issues and integrate ASTRAL, PULSAR, AURORA product suite
Framework fixes:
- antifragile-manifest.md: Correct AI Sovereignty pillar (data residency/audit rights framing); add consultant note
- executive-summary.md: Same AI sovereignty correction; add EU Regulatory Context (NIS2, DORA, GDPR)
- README.md: Add Brownhat brand explanation; expand Standards Alignment with NIS2/DORA/GDPR
- core/about-cqre.md: Prominent TEMPLATE WARNING banner to prevent accidental sharing
- index.md: Add CQRE Product Suite; renumber consultant nav 1-26 consistently
New: playbooks/cqre-product-suite.md - ASTRAL/PULSAR/AURORA product reference with antifragile pillar alignment, regulatory mapping, deployment prerequisites, and objection handling
Updated: sovereign-tool-stack.md - ASTRAL updated to GitHub product spec; AOC replaced with PULSAR; AURORA section added
Co-Authored-By: Tom Kracmar <tom+claude@cat6.cz>
2026-06-05 04:59:20 +00:00
tomas.kracmar
64f73371c9
feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization
New documents:
- core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7)
- core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing
- core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use
- core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE)
- core/executive-summary-cs.md: Czech translation of the board executive summary
- assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0)
- assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops)
- assessment-templates/module-completion-report.md: Module completion package template
- assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement)
- playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance
- playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels
Updated documents:
- playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings
- core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit
- reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md
- assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column
- index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25)
- README.md: Updated directory tree; updated Quick Start for Consultants
Czech localization pointers:
- executive-summary.md: Added Česká verze pointer
- nist-csf-baseline.md: Added Česká verze pointer
- engagement-model.md: Added note that client-facing Czech translation is planned
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 21:33:52 +02:00
tomas.kracmar
8228ed55c4
feat: Add commercial partnership strategy to sovereign tool stack
New section: 'When to Partner Commercially: The Partnership Doctrine'
Addresses the practical reality of a 5-person consultancy growing to
15-20: where open-source wins, where commercial wins, and the decision
framework for choosing between them.
Partnership Decision Framework:
- Capability (24/7 eyes-on-glass = partner)
- Compliance (audit demands vendor logo = partner)
- Scale (>5,000 endpoints = partner)
- Time to value (<30 days = partner)
- Margin (recurring revenue without proportional labour = partner)
- Differentiation (partner makes us generic = refuse)
Tier 1 Strategic Partnerships (deeply integrated):
- Huntress: Managed EDR for 24/7 coverage we cannot staff
- Thinkst Canary: Enterprise deception, high margin, low touch
- Tenable: Compliance-auditable VM for regulated clients
Tier 2 Situational Partnerships (deploy as needed):
- Delinea (PAM), KnowBe4 (awareness), Veeam (backup),
Proofpoint/Mimecast (email gateway)
Tier 3 Consultant Productivity (not resold):
- Burp Suite Pro, Cobalt Strike/Sliver, training
Also documents what we REFUSE to partner with (all-in-one platforms,
generic SIEM, opaque AI startups, M365 management competitors) and
provides a Year 1 vs Year 3 partnership portfolio roadmap.
2026-05-09 17:21:59 +02:00
tomas.kracmar
97222b0498
feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps
Added to sovereign-tool-stack.md:
Red Team & Adversary Simulation:
- Sliver: open-source C2 replacing Cobalt Strike for adversary simulation
- Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP)
- CloudFox: attacker-view cloud privilege mapping and exploitation
Container & Runtime Security:
- Falco: runtime threat detection for Kubernetes and Linux
- Tetragon: eBPF-based security observability (noted as alternative)
Endpoint Forensics & IR:
- Velociraptor: remote forensic artefact collection and hunting across
thousands of endpoints via VQL
Threat Intelligence:
- OpenCTI: structured threat actor/TTP/IOC correlation from Filigran
Deception:
- OpenCanary: lightweight honeypot for early network reconnaissance warning
Code & Secrets Security:
- GitLeaks: scans repositories for hardcoded secrets
- Semgrep: lightweight static analysis with full data sovereignty
Email Security Testing:
- GoPhish: open-source phishing simulation and user training
Certificate Monitoring:
- CertStream + crt.sh: real-time and historical certificate transparency
monitoring for subdomain discovery
Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9
and 10 now include extended tools), Deployment Complexity table, and
Integration With Existing Frameworks cross-references.
2026-05-09 17:13:41 +02:00
tomas.kracmar
2b969af2a8
feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.
Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
antifragile pillars. Identifies 6 gaps with recommended closes:
Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
Zeek+Suricata (network analysis). Includes per-module tool pairing,
deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
2026-05-09 17:05:18 +02:00