Sponsored by

Find leads on Reddit on auto pilot

Topic: security

1,299 skills in this topic.

performing-hardware-security-module-integration Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing operations, and secure key storage with python-pkcs11, AWS CloudHSM, and YubiHSM2.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-threat-protection-with-apigee Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-iso-27001-information-security-management ISO/IEC 27001:2022 is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This skill covers the complete
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-disk-encryption-with-bitlocker Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-zero-trust-in-cloud This skill guides organizations through implementing zero trust architecture in cloud environments following NIST SP 800-207 and Google BeyondCorp principles. It covers identity-centric access controls, micro-segmentation, continuous verification, device trust assessment, and deploying Identity-Aware Proxy to eliminate implicit network trust in AWS, Azure, and GCP environments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-security-testing-with-42crunch Implement comprehensive API security testing using the 42Crunch platform to perform static audit and dynamic conformance scanning of OpenAPI specifications.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-infrastructure-as-code-security-scanning This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-memory-forensics-with-volatility3-plugins Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-oauth-scope-minimization-review Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-security-posture-management Implement API Security Posture Management to continuously discover, classify, and score APIs based on risk while enforcing security policies across the API lifecycle.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-cobalt-strike-beacons Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-schema-validation-security Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-deeplink-vulnerabilities Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications to identify unauthorized access, data injection, intent hijacking, and redirect manipulation. Use when assessing mobile app attack surface through custom URI schemes, Android App Links, iOS Universal Links, or intent-based navigation. Activates for requests involving deep link security testing, URL scheme exploitation, mobile intent abuse, or link hijacking.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-constrained-delegation-abuse Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users via S4U2self and S4U2proxy extensions for lateral movement and privilege escalation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-domain-fronting-c2-traffic Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-ot-vulnerability-scanning-safely Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries, and carefully controlled active scanning with Tenable OT Security to identify vulnerabilities without disrupting industrial processes or crashing legacy controllers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-anti-phishing-training-program Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-defense-evasion-via-timestomping Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps in the MFT. Uses analyzeMFT and Python to identify files with anomalous temporal patterns indicating anti-forensic timestomping activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-endpoint-forensics-investigation Performs digital forensics investigation on compromised endpoints including memory acquisition, disk imaging, artifact analysis, and timeline reconstruction. Use when investigating security incidents, collecting evidence for legal proceedings, or analyzing endpoint compromise scope. Activates for requests involving endpoint forensics, memory analysis, disk forensics, or incident investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-jwt-algorithm-confusion-attack Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-hash-cracking-with-hashcat Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-smb-vulnerabilities-with-metasploit Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration tests to demonstrate risks from unpatched Windows systems, misconfigured shares, and weak authentication in enterprise networks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
executing-red-team-engagement-planning Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-zero-trust-for-saas-applications Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies, OAuth app governance, and session controls to enforce identity verification, device compliance, and data protection for cloud-hosted services.
mukul975/Anthropic-Cybersecurity-Skills 4,300