ReddRadar
Topic: security-automation
787 skills in this topic.
-
detecting-oauth-token-theft
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra ID (Azure AD) token protection, conditional access policies, and sign-in anomaly detection. Covers access token theft, refresh token replay, Primary Refresh Token (PRT) abuse, and pass-the-cookie attacks. Activates for requests involving OAuth token theft detection, token replay prevention, Azure AD conditional access token protection, or cloud identity attack investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-kubernetes-cis-benchmark-with-kube-bench
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
testing-for-xss-vulnerabilities-with-burpsuite
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-pass-the-ticket-attacks
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-file-carving-with-foremost
Recover files from disk images and unallocated space using Foremost's header-footer signature carving to extract evidence regardless of file system state.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-heap-spray-exploitation
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-malware-family-relationships-with-malpedia
Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
scanning-network-with-nmap-advanced
Performs advanced network reconnaissance using Nmap's scripting engine, timing controls, evasion techniques, and output parsing to discover hosts, enumerate services, detect vulnerabilities, and fingerprint operating systems across authorized target networks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
conducting-external-reconnaissance-with-osint
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
conducting-cloud-incident-response
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment, cloud-native log analysis, resource isolation, and forensic evidence acquisition adapted for ephemeral cloud infrastructure. Activates for requests involving cloud incident response, AWS security incident, Azure compromise, GCP breach, cloud forensics, or cloud identity compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-binary-exploitation-analysis
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-rdp-brute-force-attacks
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
collecting-volatile-evidence-from-compromised-host
Collect volatile forensic evidence from a compromised system following order of volatility, preserving memory, network connections, processes, and system state before they are lost.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-ipv6-vulnerabilities
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding, and IPv6 tunneling during authorized assessments to test dual-stack security controls and IPv6-aware network defenses.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-log-analysis-for-forensic-investigation
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-api-security-testing-with-postman
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security Top 10 vulnerabilities including authentication bypass, authorization flaws, injection, and data exposure. The tester creates environments with multiple user roles, writes test scripts for automated security validation, and integrates Postman with OWASP ZAP and Newman for CI/CD security testing. Activates for requests involving Postman security testing, API security collection, automated API testing, or OWASP API testing with Postman.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-active-directory-forest-trust-attack
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-active-directory-penetration-test
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-api-injection-vulnerabilities
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP injection, and Server-Side Request Forgery (SSRF) through API parameters, headers, and request bodies. The tester crafts malicious payloads targeting different backend technologies and injection contexts to extract data, execute commands, or access internal services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates for requests involving API injection testing, SQLi in APIs, NoSQL injection, SSRF testing, or API input validation assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-initial-access-with-evilginx3
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
exploiting-bgp-hijacking-vulnerabilities
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation, RPKI deployment, and BGP monitoring defenses against prefix hijacking and route leak attacks on internet routing infrastructure.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-indicator-lifecycle-management
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-adversary-in-the-middle-phishing-detection
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
performing-ai-driven-osint-correlation
Use AI and LLM-based reasoning to correlate findings across multiple OSINT sources—username enumeration, email lookups, social media profiles, domain records, breach databases, and dark-web mentions—into unified intelligence profiles with confidence scoring and link analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300