Sponsored by

Find leads on Reddit on auto pilot

Agent skills
ai-agents

Topic: ai-agents

18,135 skills in this topic.

analyzing-linux-kernel-rootkits Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cloud-storage-access-patterns Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS audit logs, and Azure Storage Analytics. Identifies after-hours bulk downloads, access from new IP addresses, unusual API calls (GetObject spikes), and potential data exfiltration using statistical baselines and time-series anomaly detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-zscaler-private-access-for-ztna Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying App Connectors, defining application segments, configuring access policies based on user identity and device posture, and integrating with IdPs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
containing-active-breach Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed security breach. Implements short-term and long-term containment using network segmentation, endpoint isolation, credential revocation, and access control modifications. Activates for requests involving breach containment, lateral movement prevention, network isolation, active threat containment, or live incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-soc-playbook-for-ransomware Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-ntlm-relay-with-event-correlation Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for IP-to-hostname mismatches, identifying Responder/LLMNR poisoning artifacts, auditing SMB and LDAP signing enforcement across the domain, and detecting NTLM downgrade attacks from NTLMv2 to NTLMv1 using event log analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-dns-tunneling-with-zeek Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-attack-path-analysis-with-xm-cyber Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize the 2% of exposures that threaten critical assets.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hardening-docker-daemon-configuration Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-t1003-credential-dumping-with-edr Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-email-headers-for-phishing-investigation Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-ransomware-canary-files Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for real-time filesystem event detection. Places strategically named decoy files that mimic high-value targets (financial records, credentials, database exports) in locations ransomware typically enumerates first. Monitors for any read, modify, rename, or delete operations on canary files and triggers immediate alerts via email, Slack webhook, or syslog when interaction is detected, providing early warning before full encryption begins.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-living-off-the-land-binaries Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deobfuscating-powershell-obfuscated-malware Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like PSDecode and PowerDecode to reveal hidden payloads and C2 infrastructure.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-email-forwarding-rules-attack Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-deepfake-audio-in-vishing-attacks Detects AI-generated deepfake audio used in voice phishing (vishing) attacks by extracting spectral features (MFCC, spectral centroid, spectral contrast, zero-crossing rate) and classifying samples with machine learning models. Supports batch analysis of audio files, generates confidence scores, and produces forensic reports. Activates for requests involving deepfake voice detection, vishing investigation, AI-generated speech analysis, voice cloning detection, or audio authenticity verification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-powershell-script-block-logging Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated commands, encoded payloads, and living-off-the-land techniques. Uses python-evtx to extract and reconstruct multi-block scripts, applies entropy analysis and pattern matching for Base64-encoded commands, Invoke-Expression abuse, download cradles, and AMSI bypass attempts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malicious-url-with-urlscan URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-malware-incident-communication-template Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-aws-security-hub This skill covers deploying AWS Security Hub as a centralized cloud security posture management platform that aggregates findings from GuardDuty, Inspector, Macie, and third-party tools. It details enabling security standards like CIS AWS Foundations Benchmark, configuring automated remediation, and building executive dashboards for compliance tracking across multi-account AWS organizations.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-golang-malware-with-ghidra Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-ldap-security-hardening Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. Covers LDAPS enforcement, channel binding, LDAP si
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-pass-the-ticket-attack Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-template-injection-vulnerabilities Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.
mukul975/Anthropic-Cybersecurity-Skills 4,300