Topic: mitre-attack
754 skills in this topic.
-
extracting-iocs-from-malware-samples
Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs, domains, URLs), host artifacts (file paths, registry keys, mutexes), and behavioral patterns for threat intelligence sharing and detection rule creation. Activates for requests involving IOC extraction, threat indicator harvesting, malware indicator collection, or building detection content from samples.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
extracting-memory-artifacts-with-rekall
Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD anomalies, hidden processes, and rootkit detection. Applies plugins like pslist, psscan, vadinfo, malfind, and dlllist to extract forensic artifacts from Windows memory images. Use during incident response memory analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-cobalt-strike-beacons
Detect Cobalt Strike beacon network activity using the default TLS certificate signature (serial 0x8BB00EE, 146473198 in decimal), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
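The jitter analysis and certificate-serial checks named in that entry, as an added Python example that is not code from the skill repository or from Cobalt Strike. The connection timestamps, the BEACON/BROWSING labels and the helper names are constructed for illustration; the only real value is the default certificate serial.

```python
import statistics


def _accumulate(start, gaps):
    # Turn a list of inter-connection gaps into absolute epoch timestamps.
    ts, t = [start], start
    for g in gaps:
        t += g
        ts.append(t)
    return ts


# Constructed connection timestamps (not captured traffic). BEACON models a
# 60 s sleep with 20% jitter: Cobalt Strike subtracts up to jitter% from the
# sleep, so every gap lies in [48, 60]. BROWSING models a person clicking around.
BEACON_TIMESTAMPS = _accumulate(
    1718114400.0, [59.2, 51.0, 55.7, 48.3, 58.9, 53.1, 50.4, 57.6, 49.9, 56.2])
BROWSING_TIMESTAMPS = _accumulate(
    1718114400.0, [2.1, 0.4, 35.0, 300.2, 12.5, 1.1, 900.0, 4.2, 77.3, 0.8])

# Serial of the self-signed certificate Cobalt Strike ships with by default
# (146473198 decimal). Operators who keep it are trivially fingerprintable.
DEFAULT_CS_CERT_SERIAL = 0x8BB00EE


def intervals(timestamps):
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def beacon_score(timestamps, min_connections=8, max_cv=0.3):
    """Coefficient of variation (stdev/mean) of the gaps between connections.
    A sleeping beacon with jitter j yields gaps roughly uniform on
    [sleep*(1-j), sleep]; even at j=50% that is CV ~0.19, so a CV below
    max_cv over enough connections is beacon-like, while human traffic is
    bursty with CV well above 1. Returns (is_beacon, cv, estimated_sleep)."""
    gaps = intervals(timestamps)
    if len(gaps) < min_connections:
        return False, None, None
    mean, sd = statistics.mean(gaps), statistics.stdev(gaps)
    cv = sd / mean
    # With subtractive jitter the longest observed gap approximates the sleep.
    return cv <= max_cv, cv, max(gaps)


def is_default_cs_certificate(serial):
    """True when a certificate carries the stock Cobalt Strike serial. Accepts
    an int, or the hex string openssl prints (with or without colons)."""
    if isinstance(serial, str):
        serial = int(serial.replace(":", ""), 16)
    return serial == DEFAULT_CS_CERT_SERIAL


if __name__ == "__main__":
    for label, ts in (("beacon", BEACON_TIMESTAMPS), ("browsing", BROWSING_TIMESTAMPS)):
        flagged, cv, sleep = beacon_score(ts)
        print(f"{label}: beacon={flagged} cv={cv:.3f} est_sleep={sleep:.1f}s")
    print("default CS cert:", is_default_cs_certificate("08:BB:00:EE"))
```

In practice the timestamps come from Zeek conn.log grouped by (src, dst, dst_port); run the score per group and keep the CV threshold conservative, since NTP, update checks and some SaaS keep-alives also produce regular gaps.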
-
hunting-for-defense-evasion-via-timestomping
Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps in the MFT. Uses analyzeMFT and Python to identify files with anomalous temporal patterns indicating anti-forensic timestomping activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
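The $STANDARD_INFORMATION versus $FILE_NAME comparison that entry describes, as an added Python example that is not code from the skill repository or from analyzeMFT. The records below are constructed to mimic the si_*/fn_* timestamp columns an MFT parser exports; column names and paths are assumptions.

```python
from datetime import datetime

# Constructed MFT rows (made up for this example). si_* mirrors the
# $STANDARD_INFORMATION timestamps, fn_* the $FILE_NAME timestamps.
SAMPLE_RECORDS = [
    # Untouched system file: all four stamps agree to the microsecond.
    {"path": r"C:\Windows\System32\kernel32.dll",
     "si_created": "2021-03-02T10:15:22.123456", "si_modified": "2021-03-02T10:15:22.123456",
     "fn_created": "2021-03-02T10:15:22.123456", "fn_modified": "2021-03-02T10:15:22.123456"},
    # Dropped in 2024, then $SI stamps set back to 2019 with whole-second
    # values; $FN still records the real creation time.
    {"path": r"C:\Windows\Temp\svchost.exe",
     "si_created": "2019-01-01T00:00:00.000000", "si_modified": "2019-01-01T00:00:00.000000",
     "fn_created": "2024-06-11T14:03:51.889011", "fn_modified": "2024-06-11T14:03:51.889011"},
    # Copied from elsewhere: $SI modified is older than both creation stamps,
    # which is normal copy semantics and must not be flagged.
    {"path": r"C:\Users\alice\Documents\report.docx",
     "si_created": "2024-05-20T09:00:00.501000", "si_modified": "2023-11-03T16:42:10.220000",
     "fn_created": "2024-05-20T09:00:00.501000", "fn_modified": "2024-05-20T09:00:00.501000"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def timestomp_indicators(rec):
    """Return the reasons (possibly none) this record looks timestomped."""
    reasons = []
    si_c, si_m = parse_ts(rec["si_created"]), parse_ts(rec["si_modified"])
    fn_c, fn_m = parse_ts(rec["fn_created"]), parse_ts(rec["fn_modified"])
    # $FN timestamps are written by the kernel and cannot be set through
    # SetFileTime, so $SI creation earlier than $FN creation is the classic tell.
    if si_c < fn_c:
        reasons.append("$SI created predates $FN created")
    # Common stomping tools pass whole-second values, zeroing the 100 ns field
    # NTFS keeps; $SI with no sub-second part while $FN retains it is a weaker signal.
    if (si_c.microsecond == 0 and si_m.microsecond == 0
            and (fn_c.microsecond or fn_m.microsecond)):
        reasons.append("$SI sub-second precision zeroed, $FN retains it")
    return reasons


def hunt(records):
    """Return [(path, reasons)] for every record with at least one indicator."""
    findings = []
    for rec in records:
        reasons = timestomp_indicators(rec)
        if reasons:
            findings.append((rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in hunt(SAMPLE_RECORDS):
        print(path, "->", "; ".join(reasons))
```

Absence of both indicators is not proof of innocence: a rename or move refreshes $FN, and a tool that writes $SI from a kernel driver can also stomp $FN. Treat hits as triage leads and corroborate with $LogFile/$UsnJrnl.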
-
hunting-for-domain-fronting-c2-traffic
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies, using pyOpenSSL for certificate inspection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
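The SNI-versus-Host comparison from that entry, as an added Python example that is not code from the skill repository. The proxy log lines, their key=value layout and the per-SNI certificate SAN lists are constructed; in a real deployment the SANs would come from the server certificate (for instance via pyOpenSSL) and the registrable-domain logic from the Public Suffix List.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "ts src sni host")

# Constructed proxy log (made up for this example) as a TLS-inspecting proxy
# might emit it: the ClientHello SNI and the Host header seen after decryption.
SAMPLE_LOG = """\
ts=2024-06-11T14:01:02Z src=10.0.5.21 sni=www.example-cdn.net host=www.example-cdn.net
ts=2024-06-11T14:01:09Z src=10.0.5.21 sni=fonts-static.example.com host=c2-relay.attacker-domain.test
ts=2024-06-11T14:02:44Z src=10.0.5.37 sni=static.shop.example.com host=shop.example.com
ts=2024-06-11T14:03:10Z src=10.0.5.37 sni=login.microsoftonline.com host=login.microsoftonline.com
"""

# Constructed SAN lists keyed by SNI, standing in for what certificate
# inspection returns for the server the client actually handshook with.
SAMPLE_CERT_SANS = {
    "fonts-static.example.com": ["*.example.com", "example.com"],
    "static.shop.example.com": ["*.shop.example.com", "shop.example.com"],
}

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    fields = dict(KV.findall(line))
    return Event(fields["ts"], fields["src"], fields["sni"].lower(), fields["host"].lower())


def registrable(name):
    # Naive eTLD+1 (last two labels). Use the Public Suffix List in production
    # so that names such as example.co.uk are handled correctly.
    return ".".join(name.split(".")[-2:])


def san_matches(host, san):
    # RFC 6125 style: a wildcard covers exactly one leading label.
    if san.startswith("*."):
        return host.count(".") == san.count(".") and host.endswith(san[1:])
    return host == san


def host_covered_by_cert(host, sans):
    return any(san_matches(host, s) for s in sans)


def find_fronting(log_text, cert_sans):
    """Return events whose Host header names a different registrable domain
    than the SNI, or a name the SNI's certificate does not cover."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.sni == ev.host:
            continue
        domain_mismatch = registrable(ev.sni) != registrable(ev.host)
        sans = cert_sans.get(ev.sni)
        cert_mismatch = sans is not None and not host_covered_by_cert(ev.host, sans)
        if domain_mismatch or cert_mismatch:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_fronting(SAMPLE_LOG, SAMPLE_CERT_SANS):
        print(f"{ev.ts} {ev.src} sni={ev.sni} host={ev.host}")
```

Subdomain differences within one registrable domain (static.shop.example.com fronting shop.example.com) are routine CDN behaviour and are deliberately not flagged. Note that the check needs the SNI in clear: with Encrypted Client Hello the proxy only sees the outer name, so the Host header must be obtained from TLS interception.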
-
hunting-for-living-off-the-cloud-techniques
Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse of Azure, AWS, GCP services, and SaaS platforms.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-shadow-copy-deletion
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring vssadmin, wmic, and PowerShell shadow copy commands.
mukul975/Anthropic-Cybersecurity-Skills 4,300
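The vssadmin, wmic and PowerShell command hunting from that entry, as an added Python example that is not code from the skill repository. The process-creation events are constructed in the shape of Sysmon Event ID 1 fields (Image, ParentImage, CommandLine); the pattern names are this example's own labels.

```python
import re

# Constructed process-creation events (not real telemetry). The first is the
# benign enumeration an admin runs; the rest are the deletion and recovery-
# inhibition commands ransomware issues before encrypting (MITRE T1490).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "CommandLine": "vssadmin.exe  Delete Shadows /All /Quiet"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "wmic shadowcopy delete"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'powershell -nop -w hidden -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"},
]

# (label, regex) pairs, applied to a lower-cased, whitespace-collapsed command line.
PATTERNS = [
    ("vssadmin delete shadows",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vssadmin resize shadowstorage",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*maxsize=")),
    ("wmic shadowcopy delete",
     re.compile(r"wmic(\.exe)?\s+.*shadowcopy\s+delete")),
    ("powershell Win32_ShadowCopy removal",
     re.compile(r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))")),
    ("bcdedit disable recovery",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\{?default\}?\s+recoveryenabled\s+no")),
    ("wbadmin delete catalog",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
]


def normalise(cmd):
    # Collapse the extra spacing and mixed case attackers use to dodge exact matches.
    return " ".join(cmd.split()).lower()


def match_event(event):
    cmd = normalise(event["CommandLine"])
    return [label for label, rx in PATTERNS if rx.search(cmd)]


def hunt(events):
    """Return [(label, parent_process, command_line)] for matching events.
    The parent is kept so an analyst can rank hits: admins call these from
    cmd/PowerShell consoles, ransomware calls them from its own dropped binary."""
    findings = []
    for event in events:
        parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
        for label in match_event(event):
            findings.append((label, parent, event["CommandLine"]))
    return findings


if __name__ == "__main__":
    for label, parent, cmd in hunt(SAMPLE_EVENTS):
        print(f"[{label}] parent={parent}: {cmd}")
```

Tune before alerting: shadowstorage resizing and bcdedit changes do occur in legitimate imaging and backup jobs, and encoded PowerShell (-EncodedCommand) must be base64-decoded before the Win32_ShadowCopy pattern can see it.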
-
implementing-anti-phishing-training-program
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-api-abuse-detection-with-rate-limiting
Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, brute force, and credential stuffing attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
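The token bucket and sliding window algorithms that entry names, as an added Python example that is not code from the skill repository. Both limiters take an injectable clock so the credential-stuffing run at the bottom is deterministic; the bucket sizes, the failure penalty and the login sequences are constructed for illustration.

```python
import time
from collections import deque


class TokenBucket:
    """Per-key token bucket: up to `capacity` tokens, refilled at `rate`
    tokens per second. Bursts up to `capacity` pass; the sustained rate is
    bounded by `rate`."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity, self.rate, self.clock = float(capacity), float(rate), clock
        self._state = {}  # key -> (tokens, last_update)

    def _refill(self, key):
        now = self.clock()
        tokens, last = self._state.get(key, (self.capacity, now))
        return min(self.capacity, tokens + (now - last) * self.rate), now

    def allow(self, key, cost=1.0):
        tokens, now = self._refill(key)
        if tokens < cost:
            self._state[key] = (tokens, now)
            return False
        self._state[key] = (tokens - cost, now)
        return True

    def charge(self, key, amount):
        """Debit extra tokens after the fact (floored at zero). Used below to
        make a failed login cost more than a successful one."""
        tokens, now = self._refill(key)
        self._state[key] = (max(0.0, tokens - amount), now)


class SlidingWindowLog:
    """Per-key sliding window log: at most `limit` events in any `window`
    seconds. Exact at boundaries, unlike a fixed window, at the cost of one
    stored timestamp per admitted event."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, float(window), clock
        self._events = {}  # key -> deque of admitted timestamps

    def allow(self, key):
        now = self.clock()
        q = self._events.setdefault(key, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class FakeClock:
    """Deterministic stand-in for time.monotonic."""

    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def run_login_sequence(attempts, capacity=10, rate=0.1, failure_penalty=3.0):
    """Feed (delay_seconds, password_ok) pairs for one account through a token
    bucket. Each attempt costs one token and a failure is charged
    `failure_penalty` more, a cheap adaptive step that tolerates a user's
    typos but starves a stuffing run. Returns how many attempts reached the
    password check."""
    clock = FakeClock()
    bucket = TokenBucket(capacity, rate, clock)
    admitted = 0
    for delay, password_ok in attempts:
        clock.advance(delay)
        if not bucket.allow("acct:alice"):
            continue  # rejected before the credential store is touched
        admitted += 1
        if not password_ok:
            bucket.charge("acct:alice", failure_penalty)
    return admitted


# Constructed traffic for the worked run (not real logs).
STUFFING_RUN = [(0.5, False)] * 20                 # one wrong guess every 500 ms
FORGETFUL_USER = [(10, False), (10, False), (10, True)]

if __name__ == "__main__":
    print("stuffing attempts admitted:", run_login_sequence(STUFFING_RUN))  # 3 of 20
    print("user attempts admitted:", run_login_sequence(FORGETFUL_USER))    # 3 of 3
```

Key the bucket on more than the source IP (account, IP, device fingerprint) so a distributed stuffing campaign rotating through proxies still trips the per-account limit, and return the same status code and timing for "rate limited" as for "wrong password" so the limiter itself does not become a username oracle.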
-
implementing-api-schema-validation-security
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-api-security-posture-management
Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API lifecycle.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-api-security-testing-with-42crunch
Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic conformance scanning of OpenAPI specifications.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-api-threat-protection-with-apigee
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-application-whitelisting-with-applocker
Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-aqua-security-for-container-scanning
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-aws-macie-for-data-classification
Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine learning and pattern matching for PII, financial data, and credentials detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-beyondcorp-zero-trust-access-model
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-conditional-access-policies-azure-ad
Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named l
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-conduit-security-for-ot-remote-access
Implement secure conduit architecture for OT remote access following IEC 62443 zones and conduits model, deploying jump servers, MFA-enabled gateways, session recording, and approval-based workflows to control vendor and engineer access to industrial control systems without exposing OT networks directly.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-device-posture-assessment-in-zero-trust
Implementing device posture assessment as a zero trust access control by integrating endpoint health signals from CrowdStrike ZTA, Microsoft Intune, and Jamf into conditional access policies that enforce compliance before granting resource access.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-disk-encryption-with-bitlocker
Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-email-sandboxing-with-proofpoint
Email sandboxing detonates suspicious attachments and URLs in isolated environments to detect zero-day malware and evasive phishing payloads. Proofpoint Targeted Attack Protection (TAP) is an industry
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-honeypot-for-ransomware-detection
Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible stage. Configures canary tokens embedded in strategic file locations that trigger alerts when ransomware attempts encryption, uses honeypot network shares that mimic high-value targets, and deploys Thinkst Canary appliances for comprehensive deception-based detection. Activates for requests involving ransomware honeypots, canary files, deception technology for ransomware, or early ransomware alerting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-ics-firewall-with-tofino
Deploy and configure Tofino industrial firewalls from Belden/Hirschmann to protect SCADA systems and PLCs using deep packet inspection for OT protocols including Modbus, EtherNet/IP, OPC, and S7comm, enforcing granular access control between ICS security zones.
mukul975/Anthropic-Cybersecurity-Skills 4,300