Sponsored by

Find leads on Reddit on auto pilot

Topic: llm

10,059 skills in this topic.

conducting-wireless-network-penetration-test Conducts authorized wireless network penetration tests to assess the security of WiFi infrastructure by testing for weak encryption protocols, captive portal bypasses, evil twin attacks, WPA2/WPA3 handshake capture, rogue access point detection, and client-side attacks. The tester evaluates wireless authentication, network segmentation, and the effectiveness of wireless intrusion detection systems. Activates for requests involving wireless pentest, WiFi security assessment, WPA2/WPA3 testing, or rogue access point detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-apt-group-with-mitre-navigator Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-social-engineering-penetration-test Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-advanced-persistent-threats Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven searches across endpoint telemetry, network logs, and memory artifacts. Use when conducting scheduled threat hunting cycles, investigating anomalous behavior flagged by UEBA, or validating that known APT TTPs are not present in the environment. Activates for requests involving MITRE ATT&CK, Velociraptor, osquery, Zeek, or threat hunting playbooks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-oauth2-authorization-flow Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-automated-malware-submission-pipeline Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-process-hollowing-technique Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-prefetch-files-for-execution-history Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-arp-poisoning-in-network-traffic Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-dcsync-attacks Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-t1548-abuse-elevation-control-mechanism Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-incident-response-playbook Designs and documents structured incident response playbooks that define step-by-step procedures for specific incident types aligned with NIST SP 800-61r3 and SANS PICERL frameworks. Covers playbook structure, decision trees, escalation criteria, RACI matrices, and integration with SOAR platforms. Activates for requests involving IR playbook creation, incident response procedure documentation, response runbook development, or SOAR playbook design.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-network-segmentation-with-vlans Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce access control between segments, and reduce the attack surface by limiting lateral movement paths in enterprise network environments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-linux-system-artifacts Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-process-injection-techniques Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing, APC injection, thread hijacking, and reflective loading. Uses memory forensics, API monitoring, and behavioral analysis to identify injection artifacts. Activates for requests involving process injection detection, code injection analysis, hollowed process investigation, or in-memory threat detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
correlating-security-events-in-qradar Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks, and offense management to detect multi-stage attacks across network, endpoint, and application log sources. Use when SOC analysts need to investigate QRadar offenses, build correlation rules, or tune detection logic for reducing false positives.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-bootkit-and-rootkit-samples Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record (VBR), or UEFI firmware to gain persistence below the operating system. Covers boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques. Activates for requests involving bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-full-scope-red-team-engagement Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-of-malware Analyzes network traffic generated by malware during sandbox execution or live incident response to identify C2 protocols, data exfiltration channels, payload downloads, and lateral movement patterns using Wireshark, Zeek, and Suricata. Activates for requests involving malware network analysis, C2 traffic decoding, malware PCAP analysis, or network-based malware detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
eradicating-malware-from-infected-systems Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-aws-credential-exposure-with-trufflehog Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using TruffleHog, git-secrets, and AWS-native detection mechanisms to prevent credential theft and unauthorized account access.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-lateral-movement-in-network Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows, SMB traffic, and RDP sessions using Zeek, Velociraptor, and SIEM correlation rules to detect attackers moving between systems.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-sql-injection-via-waf-logs Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity audit logs and JSON WAF event logs to identify SQLi patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks attack sources, correlates multi-stage injection attempts, and generates incident reports with OWASP classification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hardening-windows-endpoint-with-cis-benchmark Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark recommendations to reduce attack surface, enforce security baselines, and meet compliance requirements. Use when deploying new Windows workstations or servers, remediating audit findings, or establishing organization-wide security baselines. Activates for requests involving Windows hardening, CIS benchmarks, GPO security baselines, or endpoint configuration compliance.
mukul975/Anthropic-Cybersecurity-Skills 4,300