ReddRadar
Topic: mitre-attack
754 skills in this topic.
-
implementing-file-integrity-monitoring-with-aide
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
building-phishing-reporting-button-workflow
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-network-access-control
Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch configurations to enforce identity-based access policies, posture assessment, and automatic VLAN assignment for authorized devices.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-usb-device-connection-history
Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable media usage and potential data exfiltration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-anomalous-authentication-patterns
Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning models to identify impossible travel, credential stuffing, brute force, password spraying, and compromised account behaviors across authentication logs. Activates for requests involving authentication anomaly detection, login behavior analysis, UEBA implementation, or suspicious sign-in investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-gdpr-data-subject-access-request
Automates GDPR Data Subject Access Request (DSAR) workflows including identity verification, PII discovery across databases and files using regex and NER, data mapping, response templating per Article 15 requirements, deadline tracking, and audit logging. Covers ICO/EDPB guidance compliance, exemption handling, and scalable batch processing. Use when building or auditing DSAR response capabilities under GDPR/UK GDPR.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-security-monitoring-with-datadog
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection to detect threats, enforce compliance, and respond to security events across cloud and hybrid infrastructure. Covers Agent deployment, log source ingestion, detection rule creation, security dashboards, and automated notification workflows. Activates for requests involving Datadog security setup, Cloud SIEM configuration, CSM threat detection, or security monitoring dashboards.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-sbom-for-supply-chain-vulnerabilities
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities by correlating components against the NVD CVE database via the NVD 2.0 API. Builds dependency graphs, calculates risk scores, identifies transitive vulnerability paths, and generates compliance reports. Activates for requests involving SBOM analysis, software composition analysis, supply chain security assessment, dependency vulnerability scanning, CycloneDX/SPDX parsing, or CVE correlation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-ios-app-security-assessment
Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection for runtime exploration, SSL pinning bypass for traffic interception, keychain extraction for credential analysis, and IPA static analysis for binary-level review. Use when conducting authorized iOS penetration tests, evaluating mobile app security posture against OWASP MASTG, or assessing iOS app data protection and transport security controls. Activates for requests involving iOS app pentesting, Frida-based iOS instrumentation, mobile app SSL pinning bypass, or IPA reverse engineering.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-type-juggling-vulnerabilities
Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-container-escape-with-falco-rules
Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file access, and privilege escalation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-jwt-signing-and-verification
JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization in web applications. This skill covers implementing secure JWT signing with HMAC-SHA256
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-envelope-encryption-with-aws-kms
Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself is encrypted with a master key (KEK) managed by AWS KMS. This approach allows encrypting
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-attacks-on-historian-servers
Detect cyber attacks targeting OT historian servers (OSIsoft PI, Ignition, Wonderware) that sit at the IT/OT boundary and serve as pivot points for lateral movement between enterprise and control networks, including data manipulation, unauthorized queries, and exploitation of historian-specific vulnerabilities.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-server-side-request-forgery
Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration tests.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
reverse-engineering-android-malware-with-jadx
Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify malicious functionality including data theft, C2 communication, privilege escalation, and overlay attacks. Examines manifest permissions, receivers, services, and native libraries. Activates for requests involving Android malware analysis, APK reverse engineering, mobile malware investigation, or Android threat analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-vulnerabilities-with-metasploit-framework
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
remediating-s3-bucket-misconfiguration
This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations that expose sensitive data to unauthorized access. It covers enabling S3 Block Public Access at account and bucket levels, auditing bucket policies and ACLs, enforcing encryption, configuring access logging, and deploying automated remediation using AWS Config and Lambda.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-web-application-logging-with-modsecurity
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false positives, analyze audit logs for attack detection, and implement custom SecRules for application-specific threats. The analyst configures SecRuleEngine, SecAuditEngine, and CRS paranoia levels to balance security coverage with operational stability. Activates for requests involving WAF configuration, ModSecurity rule tuning, web application audit logging, or CRS deployment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-second-order-sql-injection
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
testing-api-for-broken-object-level-authorization
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-subdomain-enumeration-with-subfinder
Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
prioritizing-vulnerabilities-with-cvss-scoring
The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. CVSS v4.0 (r
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-web-application-vulnerability-triage
Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.
mukul975/Anthropic-Cybersecurity-Skills 4,300