Sponsored by

Find leads on Reddit on auto pilot

Topic: llm

10,059 skills in this topic.

analyzing-azure-activity-logs-for-threats Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative operations, impossible travel, privilege escalation, and resource modifications. Builds KQL queries for threat hunting in Azure environments. Use when investigating suspicious Azure tenant activity or building cloud SIEM detections.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-prefetch-files-for-execution-history Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-prefetch-with-python Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-automated-malware-submission-pipeline Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-command-and-control-communication Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures, data encoding, and infrastructure. Covers HTTP, HTTPS, DNS, and custom protocol C2 analysis for detection development and threat intelligence. Activates for requests involving C2 analysis, beacon detection, C2 protocol reverse engineering, or command-and-control infrastructure mapping.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-aws-s3-bucket-permissions Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-for-incidents Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-lnk-files-for-artifacts Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-intelligence-feeds Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics, and campaign context. Use when ingesting commercial or open-source CTI feeds, evaluating feed quality, normalizing data into STIX 2.1 format, or enriching existing IOCs with campaign attribution. Activates for requests involving ThreatConnect, Recorded Future, Mandiant Advantage, MISP, AlienVault OTX, or automated feed aggregation pipelines.
mukul975/Anthropic-Cybersecurity-Skills 4,300
automating-ioc-enrichment Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using SOAR platforms, Python pipelines, or TIP playbooks to reduce analyst triage time and standardize enrichment outputs. Use when building automated enrichment workflows integrated with SIEM alerts, email submission pipelines, or bulk IOC processing from threat feeds. Activates for requests involving SOAR enrichment, Cortex XSOAR, Splunk SOAR, TheHive, Python enrichment pipelines, or automated IOC processing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-slack-space-and-file-system-artifacts Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-linux-system-artifacts Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-azure-active-directory-configuration Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-certificate-transparency-for-phishing Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-ransomware-leak-site-intelligence Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cobalt-strike-beacon-configuration Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-cloud-siem-with-sentinel This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-bootkit-and-rootkit-samples Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record (VBR), or UEFI firmware to gain persistence below the operating system. Covers boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques. Activates for requests involving bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-apt-group-with-mitre-navigator Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-incident-response-playbook Designs and documents structured incident response playbooks that define step-by-step procedures for specific incident types aligned with NIST SP 800-61r3 and SANS PICERL frameworks. Covers playbook structure, decision trees, escalation criteria, RACI matrices, and integration with SOAR platforms. Activates for requests involving IR playbook creation, incident response procedure documentation, response runbook development, or SOAR playbook design.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-powershell-empire-artifacts Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns, default user agents, staging URL structures, stager IOCs, and known Empire module signatures in Script Block Logging events.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-persistence-mechanisms-in-linux Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity monitoring
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-patch-tuesday-response-process Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-linux-elf-malware Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300