Sponsored by

Find leads on Reddit on auto pilot

Topic: security

1,299 skills in this topic.

performing-paste-site-monitoring-for-credentials Monitor paste sites like Pastebin and GitHub Gists for leaked credentials, API keys, and sensitive data dumps using automated scraping and keyword matching to detect breaches early.
mukul975/Anthropic-Cybersecurity-Skills 4,300
extracting-windows-event-logs-artifacts Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-log-integrity-with-blockchain Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is hashed with the previous entry's hash to create a blockchain-like structure where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-qr-code-phishing-with-email-security Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-zerologon-vulnerability-cve-2020-1472 Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.
mukul975/Anthropic-Cybersecurity-Skills 4,300
correlating-security-events-in-qradar Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks, and offense management to detect multi-stage attacks across network, endpoint, and application log sources. Use when SOC analysts need to investigate QRadar offenses, build correlation rules, or tune detection logic for reducing false positives.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-linux-system-artifacts Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-ransomware-encryption-behavior Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and behavioral heuristics. Identifies mass file modification patterns, abnormal entropy spikes in written data, and suspicious process behavior characteristic of ransomware encryption routines. Activates for requests involving ransomware behavioral detection, entropy-based file monitoring, I/O anomaly detection, or real-time encryption activity alerting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-azure-activity-logs-for-threats Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative operations, impossible travel, privilege escalation, and resource modifications. Builds KQL queries for threat hunting in Azure environments. Use when investigating suspicious Azure tenant activity or building cloud SIEM detections.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-prefetch-with-python Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history, detect renamed or masquerading binaries, and identify suspicious program execution patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-threat-hunting-with-yara-rules Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems and memory dumps. Covers rule authoring, yara-python scanning, and integration with threat intel feeds.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-aws-iam-permission-boundaries Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-semgrep-for-custom-sast-rules Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-saml-sso-with-okta Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, a
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-slack-space-and-file-system-artifacts Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-rootkit-activity Detects rootkit presence on compromised systems by identifying hidden processes, hooked system calls, modified kernel structures, hidden files, and covert network connections using memory forensics, cross-view detection, and integrity checking techniques. Activates for requests involving rootkit detection, hidden process discovery, kernel integrity checking, or system call hook analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-apt-group-with-mitre-navigator Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-actor-profile-from-osint Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-usb-device-control-policy Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-oauth2-authorization-flow Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token
mukul975/Anthropic-Cybersecurity-Skills 4,300
deobfuscating-javascript-malware Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing encoding layers, eval chains, string manipulation, and control flow obfuscation to reveal the original malicious logic. Activates for requests involving JavaScript malware analysis, script deobfuscation, web skimmer analysis, or obfuscated dropper investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-insider-threat-with-ueba Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-oil-gas-cybersecurity-assessment This skill covers conducting cybersecurity assessments specific to oil and gas facilities including upstream (exploration/production), midstream (pipeline/transport), and downstream (refining/distribution) operations. It addresses SCADA systems controlling pipeline operations, DCS for refinery process control, safety instrumented systems for hazardous processes, remote terminal units at unmanned wellhead sites, and compliance with API 1164, TSA Pipeline Security Directives, IEC 62443, and NIST Cybersecurity Framework for critical infrastructure.
mukul975/Anthropic-Cybersecurity-Skills 4,300
automating-ioc-enrichment Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using SOAR platforms, Python pipelines, or TIP playbooks to reduce analyst triage time and standardize enrichment outputs. Use when building automated enrichment workflows integrated with SIEM alerts, email submission pipelines, or bulk IOC processing from threat feeds. Activates for requests involving SOAR enrichment, Cortex XSOAR, Splunk SOAR, TheHive, Python enrichment pipelines, or automated IOC processing.
mukul975/Anthropic-Cybersecurity-Skills 4,300