Sponsored by

Find leads on Reddit on auto pilot

Topic: red-team

873 skills in this topic.

performing-indicator-lifecycle-management Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-browser-forensics-with-hindsight Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-disk-image-with-autopsy Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and build investigation timelines.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-file-carving-with-foremost Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system state.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-heap-spray-exploitation Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-kubernetes-audit-logs Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-endpoint-vulnerability-remediation Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malware-family-relationships-with-malpedia Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-memory-dumps-with-volatility Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes, injected code, network connections, loaded modules, and extracted credentials. Supports Windows, Linux, and macOS memory forensics. Activates for requests involving memory forensics, RAM analysis, volatile data examination, process injection detection, or memory-resident malware investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-memory-forensics-with-lime-and-volatility Performs Linux memory acquisition using LiME (Linux Memory Extractor) kernel module and analysis with Volatility 3 framework. Extracts process lists, network connections, bash history, loaded kernel modules, and injected code from Linux memory images. Use when performing incident response on compromised Linux systems.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-cloud-forensics-with-aws-cloudtrail Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-tls-certificate-transparency-logs Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-kubernetes-cluster-rbac Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-gcp-iam-permissions Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage, service account key proliferation, and cross-project access risks using gcloud CLI, Policy Analyzer, and IAM Recommender.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-registry-for-artifacts Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-web-server-logs-for-intrusion Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-cloud-forensics-investigation Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-typosquatting-domains-with-dnstwist Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-supply-chain-malware-artifacts Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-container-security-scanning-with-trivy Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-container-escape-detection Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous capability assignments, and host path mounts using the kubernetes Python client. Identifies CVE-2022-0492 style escapes via cgroup abuse. Use when auditing container security posture or investigating escape attempts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-cloud-storage-forensic-acquisition Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox, and Box by collecting both API-based remote data and local sync client artifacts from endpoint devices.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-actor-ttps-with-mitre-navigator Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework using the ATT&CK Navigator and attackcti Python library. The analyst queries STIX/TAXII data for group-technique associations, generates Navigator layer files for visualization, and compares defensive coverage against adversary profiles. Activates for requests involving APT TTP mapping, ATT&CK Navigator layers, threat actor profiling, or MITRE technique coverage analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-cloud-incident-containment-procedures Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.
mukul975/Anthropic-Cybersecurity-Skills 4,300