Sponsored by

Find leads on Reddit on auto pilot

Agent skills
claude-code

Topic: claude-code

35,830 skills in this topic.

conducting-internal-reconnaissance-with-bloodhound-ce Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify privilege escalation chains, and discover misconfigurations in domain environments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-active-directory-tiered-model Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malware-persistence-with-autoruns Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry keys, scheduled tasks, services, drivers, and startup locations on Windows systems.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malware-behavior-with-cuckoo-sandbox Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system modifications, registry changes, network communications, and API calls. Generates comprehensive behavioral reports for malware classification and IOC extraction. Activates for requests involving dynamic malware analysis, sandbox detonation, behavioral analysis, or automated malware execution.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-aws-verified-access-for-ztna Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-decoy-files-for-ransomware-detection Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time. Uses strategically placed decoy documents monitored via file integrity monitoring or OS-level watchdogs to trigger alerts when ransomware modifies or encrypts them. Activates for requests involving ransomware canary deployment, honeyfile setup, deception-based ransomware detection, or file integrity monitoring for encryption.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-outlook-pst-for-email-forensics Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-identity-aware-proxy-with-google-iap Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-campaign-attribution-evidence Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-lnk-file-and-jump-list-artifacts Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-landscape-with-misp Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-with-wireshark Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-living-off-the-land-with-lolbas Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-credential-dumping-techniques Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-living-off-the-land-attacks Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process creation, command-line arguments, and parent-child relationships to identify suspicious LOLBin execution patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-amcache-artifacts Parses and analyzes the Windows Amcache.hve registry hive to extract evidence of program execution, application installation, and driver loading for digital forensics investigations. Uses Eric Zimmerman's AmcacheParser and Timeline Explorer for artifact extraction, SHA-1 hash correlation with threat intel, and timeline reconstruction. Activates for requests involving Amcache forensics, program execution evidence, Windows artifact analysis, or application compatibility cache investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-feed-aggregation-with-misp Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-ios-app-security-with-objection Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that enables security testers to interact with app internals without jailbreaking. Use when assessing iOS app security posture, bypassing client-side protections, dumping keychain items, inspecting filesystem storage, and evaluating runtime behavior. Activates for requests involving iOS security testing, Objection runtime analysis, Frida-based iOS assessment, or mobile runtime exploration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-edr-agent-with-crowdstrike Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat detection, behavioral analysis, and automated response. Use when onboarding endpoints to EDR coverage, configuring detection policies, or integrating Falcon telemetry with SIEM platforms. Activates for requests involving CrowdStrike deployment, Falcon sensor installation, EDR policy configuration, or endpoint detection and response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-incident-response-dashboard Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership with situational awareness during active incidents, tracking affected systems, containment status, IOC spread, and response timeline. Use when IR teams need unified visibility during incident coordination and post-incident reporting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
acquiring-disk-image-with-dd-and-dcfldd Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
collecting-threat-intelligence-with-misp MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-ioc-defanging-and-sharing-pipeline Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-golden-ticket-forgery Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM
mukul975/Anthropic-Cybersecurity-Skills 4,300