Skill UI

This skill analyzes behavioral reports (Cuckoo/AnyRun) to detect anti-analysis techniques used by malware, such as timing checks, VM artifact queries, user interaction monitoring, and environment fingerprinting. It provides a structured method for security researchers and SOC analysts to understand malware's true capabilities and detect evasion attempts.

A comprehensive skill for detecting advanced malware techniques, including DLL injection, process hollowing, APC injection, and thread hijacking. Utilizes memory forensics (Volatility), API monitoring (Sysmon), and behavioral analysis to identify malicious code artifacts and suspicious process activities in a deep defense context.

This skill provides a comprehensive workflow for analyzing malicious software to extract actionable Indicators of Compromise (IOCs). It covers static analysis (PE parsing, hashing, string extraction) and dynamic analysis techniques. Users learn how to identify file hashes, network indicators (C2 IPs, domains), registry modifications, and behavioral artifacts, ultimately formatting the findings into standard STIX 2.1 formats for sharing and incident response.

This system detects ransomware by combining multiple advanced techniques: real-time entropy analysis, file system I/O monitoring, and behavioral heuristics. It identifies abnormal mass file modification patterns, sudden spikes in data entropy (indicating encryption), and suspicious process activities like shadow copy deletion. Ideal for building advanced EDR detection layers to catch zero-day and unknown ransomware variants.