Sponsored by

Find leads on Reddit on auto pilot

Topic: nist-csf

754 skills in this topic.

analyzing-apt-group-with-mitre-navigator Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-azure-activity-logs-for-threats Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative operations, impossible travel, privilege escalation, and resource modifications. Builds KQL queries for threat hunting in Azure environments. Use when investigating suspicious Azure tenant activity or building cloud SIEM detections.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-active-directory-compromise-investigation Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-bootkit-and-rootkit-samples Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record (VBR), or UEFI firmware to gain persistence below the operating system. Covers boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques. Activates for requests involving bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-subdomain-enumeration-with-subfinder Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-supply-chain-attack-simulation Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-full-scope-red-team-engagement Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-certificate-transparency-for-phishing Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-digital-signatures-with-ed25519 Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-domain-persistence-with-dcsync Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-active-directory-bloodhound-analysis Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised users to Domain Admin.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-access-review-and-certification Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cobalt-strike-beacon-configuration Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.
mukul975/Anthropic-Cybersecurity-Skills 4,300
testing-ransomware-recovery-procedures Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification, recovery sequencing, and clean restore validation to ensure organizational resilience against destructive ransomware attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-command-and-control-communication Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures, data encoding, and infrastructure. Covers HTTP, HTTPS, DNS, and custom protocol C2 analysis for detection development and threat intelligence. Activates for requests involving C2 analysis, beacon detection, C2 protocol reverse engineering, or command-and-control infrastructure mapping.
mukul975/Anthropic-Cybersecurity-Skills 4,300
testing-jwt-token-security Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-ebpf-security-monitoring Implements eBPF-based security monitoring using Cilium Tetragon for real-time process execution tracking, network connection observability, file access auditing, and runtime enforcement. Covers TracingPolicy CRD authoring with kprobe/tracepoint hooks, in-kernel filtering via matchArgs/matchBinaries selectors, JSON event export, and integration with SIEM pipelines. Use when building kernel-level runtime security observability for Linux hosts or Kubernetes clusters.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-threat-hunting-with-elastic-siem Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline investigation to identify threats that evade automated detection. Use when SOC teams need to hunt for specific ATT&CK techniques, investigate anomalous behaviors, or validate detection coverage gaps using Elasticsearch and Kibana Security.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-threat-hunting-with-yara-rules Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems and memory dumps. Covers rule authoring, yara-python scanning, and integration with threat intel feeds.
mukul975/Anthropic-Cybersecurity-Skills 4,300
bypassing-authentication-with-forced-browsing Discovering and accessing unprotected pages, APIs, and administrative interfaces by enumerating URLs and bypassing authentication controls during authorized security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-vulnerability-scanning-workflow Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover, prioritize, and track remediation of security vulnerabilities across infrastructure. Use when SOC teams need to establish recurring vulnerability assessment processes, integrate scan results with SIEM alerting, and build remediation tracking dashboards.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-vulnerability-exception-tracking-system Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.
mukul975/Anthropic-Cybersecurity-Skills 4,300
testing-for-xss-vulnerabilities Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation. The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection testing, or JavaScript injection vulnerability testing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-vlan-hopping-attack Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments to test VLAN segmentation effectiveness and validate switch port security configurations against Layer 2 bypass attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300