ReddRadar
Topic: security-automation
787 skills in this topic.
-
implementing-google-workspace-admin-security
Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant MFA enforcement, DLP policies, email authentication (SPF/DKIM/DMARC), OAuth app control, and external sharing restrictions. Activates for requests involving Google Workspace hardening, G Suite security configuration, or cloud office security administration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-typosquatting-domains-with-dnstwist
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-purdue-model-network-segmentation
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-web-server-logs-for-intrusion
Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-ransomware-backup-strategy
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies, 2 media types, 1 offsite, 1 immutable/air-gapped, 0 errors on restore verification). Configures backup schedules aligned to RPO/RTO requirements, implements backup credential isolation to prevent ransomware from compromising backup infrastructure, and establishes automated restore testing. Activates for requests involving ransomware backup planning, backup resilience, air-gapped backup design, or backup recovery point objective configuration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-gcp-organization-policy-constraints
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-ransomware-kill-switch-detection
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based kill switches, and registry-based termination checks. Implements proactive mutex vaccination and kill switch domain monitoring to prevent ransomware from executing. Activates for requests involving ransomware kill switch analysis, mutex vaccination, WannaCry-style domain kill switches, or malware execution guard detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-fuzz-testing-in-cicd-with-aflplusplus
Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-red-team-phishing-with-gophish
Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with tracking pixels, configures SMTP sending profiles, builds target groups from CSV, launches campaigns, and analyzes results including open rates, click rates, and credential submission statistics for security awareness assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-endpoint-dlp-controls
Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-sqlite-database-forensics
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-cloud-vulnerability-posture-management
Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite for multi-cloud vulnerability detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-security-information-sharing-with-stix2
Create, validate, and share STIX 2.1 threat intelligence objects using the stix2 Python library. Covers indicators, malware, campaigns, relationships, bundles, and TAXII 2.1 publishing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-cloud-security-posture-management
Implementing Cloud Security Posture Management (CSPM) to continuously monitor multi-cloud environments for misconfigurations, compliance violations, and security risks using Prowler, ScoutSuite, AWS Security Hub, Azure Defender, and GCP Security Command Center.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-cisa-zero-trust-maturity-model
Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications, and data to achieve progressive organizational zero trust maturity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
auditing-gcp-iam-permissions
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage, service account key proliferation, and cross-project access risks using gcloud CLI, Policy Analyzer, and IAM Recommender.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-browser-isolation-for-zero-trust
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation policies with URL categorization and risk-based routing, content disarming and reconstruction (CDR) for file sanitization, data loss prevention controls within isolated sessions, and integration with Secure Web Gateway and ZTNA platforms. Based on Cloudflare Browser Isolation, Menlo Security, and Zscaler RBI approaches. Use when hardening web access against zero-day exploits, phishing, credential theft, and browser-based data exfiltration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
auditing-kubernetes-cluster-rbac
Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-network-traffic-analysis-with-tshark
Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-attack-surface-management
Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder, httpx, nuclei) for asset discovery, subdomain enumeration, service fingerprinting, and exposure scoring. Includes a weighted risk scoring algorithm based on OWASP attack surface analysis methodology and the Relative Attack Surface Quotient (RSQ). Use when building continuous ASM programs or performing external reconnaissance for security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
auditing-tls-certificate-transparency-logs
Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-service-account-audit
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-siem-correlation-rules-for-apt
Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events, process execution telemetry, and network connection logs across hosts. Uses Splunk SPL and Sigma rule format to correlate Event IDs 4624, 4648, 4688, and Sysmon Events 1/3 within sliding time windows to surface attack sequences invisible to single-event detections.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-azure-defender-for-cloud
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.
mukul975/Anthropic-Cybersecurity-Skills 4,300