Sponsored by

Find leads on Reddit on auto pilot

Agent skills
claude-code

Topic: claude-code

35,830 skills in this topic.

hunting-for-process-injection-techniques Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-email-forwarding-rules-attack Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-bandwidth-throttling-attack-simulation Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments to test quality-of-service controls, application resilience, and network monitoring detection of traffic manipulation attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-spearphishing-indicators Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-webshell-activity Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning from web servers, and anomalous HTTP patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-ticketing-system-for-incidents Implements an integrated incident ticketing system connecting SIEM alerts to ServiceNow, Jira, or TheHive for structured incident tracking, SLA management, escalation workflows, and compliance documentation. Use when SOC teams need formalized incident lifecycle management with automated ticket creation, assignment routing, and resolution tracking.
mukul975/Anthropic-Cybersecurity-Skills 4,300
containing-active-breach Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed security breach. Implements short-term and long-term containment using network segmentation, endpoint isolation, credential revocation, and access control modifications. Activates for requests involving breach containment, lateral movement prevention, network isolation, active threat containment, or live incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-epss-score-for-vulnerability-prioritization Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-osquery-for-endpoint-monitoring Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running processes, open ports, installed software, and system configuration. Use when building visibility into endpoint state, threat hunting across fleet, or implementing compliance monitoring. Activates for requests involving osquery deployment, endpoint visibility, fleet management, or SQL-based endpoint querying.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-rbac-hardening-for-kubernetes Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-software-defined-perimeter Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-privilege-escalation-on-linux Linux privilege escalation involves elevating from a low-privilege user account to root access on a compromised system. Red teams exploit misconfigurations, vulnerable services, kernel exploits, and w
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-exfiltration-over-dns-with-zeek Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-container-image-hardening This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-network-segmentation-for-ot This skill covers implementing network segmentation in Operational Technology environments using VLANs, industrial firewalls, data diodes, and software-defined networking. It addresses the Purdue Model-based segmentation strategy, migration from flat networks to segmented architectures without disrupting operations, configuring OT-aware firewalls with industrial protocol deep packet inspection, and validating segmentation effectiveness through traffic analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-powershell-script-block-logging Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated commands, encoded payloads, and living-off-the-land techniques. Uses python-evtx to extract and reconstruct multi-block scripts, applies entropy analysis and pattern matching for Base64-encoded commands, Invoke-Expression abuse, download cradles, and AMSI bypass attempts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-living-off-the-land-binaries Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-post-quantum-cryptography-migration Assesses organizational readiness for post-quantum cryptography migration per NIST FIPS 203/204/205 standards. Performs cryptographic inventory scanning to identify quantum-vulnerable algorithms (RSA, ECDH, ECDSA), evaluates hybrid TLS configurations with X25519MLKEM768, and validates CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA) readiness. Implements crypto-agility assessment using oqs-provider for OpenSSL. Use when planning or executing the transition from classical to post-quantum cryptographic algorithms across enterprise infrastructure.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-malware-ioc-extraction Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-spearphishing-with-email-gateway Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-cloud-trail-log-analysis Implementing AWS CloudTrail log analysis for security monitoring, threat detection, and forensic investigation using Athena, CloudWatch Logs Insights, and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deploying-ransomware-canary-files Deploys and monitors ransomware canary files across critical directories using Python's watchdog library for real-time filesystem event detection. Places strategically named decoy files that mimic high-value targets (financial records, credentials, database exports) in locations ransomware typically enumerates first. Monitors for any read, modify, rename, or delete operations on canary files and triggers immediate alerts via email, Slack webhook, or syslog when interaction is detected, providing early warning before full encryption begins.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malware-sandbox-evasion-techniques Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-privilege-escalation-assessment Performs privilege escalation assessments on compromised Linux and Windows systems to identify paths from low-privilege access to root or SYSTEM-level control. The tester enumerates misconfigurations, vulnerable services, kernel exploits, SUID binaries, unquoted service paths, and credential stores to demonstrate the full impact of an initial compromise. Activates for requests involving privilege escalation testing, local exploitation, post-compromise escalation, or OS-level security assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300