Sponsored by

Find leads on Reddit on auto pilot

Agent skills
cybersecurity

Topic: cybersecurity

768 skills in this topic.

detecting-golden-ticket-attacks-in-kerberos-logs Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-threat-emulation-with-atomic-red-team Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-evasion-techniques-in-endpoint-logs Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping, process injection, and security tool disabling. Use when investigating suspicious endpoint behavior, building detection rules for evasion tactics, or conducting threat hunting for stealthy adversary activity. Activates for requests involving evasion detection, defense evasion analysis, log tampering detection, or MITRE ATT&CK TA0005.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-indicator-lifecycle-management Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-email-account-compromise Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-initial-access-with-evilginx3 Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-kubernetes-network-policy-with-calico Implement Kubernetes network segmentation using Calico NetworkPolicy and GlobalNetworkPolicy for zero-trust pod-to-pod communication.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-steganography-detection Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-dcsync-attack-in-active-directory Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-ioc-enrichment-pipeline-with-opencti OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-ip-reputation-analysis-with-shodan Analyze IP address reputation using the Shodan API to identify open ports, running services, known vulnerabilities, and hosting context for threat intelligence enrichment and incident triage.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-jwt-none-algorithm-attack Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-command-and-control-over-dns Detects command-and-control (C2) communications tunneled through DNS protocol including DNS tunneling tools (Iodine, dnscat2, dns2tcp, Cobalt Strike DNS beacon), domain generation algorithms (DGA), encoded payload delivery via TXT/CNAME records, and DNS beaconing patterns. Covers Shannon entropy analysis of query subdomains, statistical anomaly detection, ML-based DGA classification, passive DNS correlation, and Zeek/Suricata signature development. Activates for requests involving DNS-based C2 detection, DNS tunnel identification, suspicious DNS traffic investigation, or DGA domain classification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-cloud-threats-with-guardduty This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-business-email-compromise-with-ai Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-kubernetes-cis-benchmark-with-kube-bench Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-role-mining-for-rbac-optimization Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-lateral-movement-detection Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-soc-escalation-matrix Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-log-analysis-for-forensic-investigation Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-sqlite-database-forensics Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-hunt-hypothesis-framework Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-api-enumeration-attacks Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-mobile-app-penetration-test Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300