Login
Download

Skill UI

Browse and discover 6011+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Search Event Detection , found 21 results
Default Newest Most Downloaded

RDP Brute Force Detection

detecting-rdp-brute-force-attacks
mukul975/Anthropic-Cybersecurity-Skills
147
Detect RDP brute-force attacks by parsing Windows Security EVTX logs, correlating Event ID 4625 failures with subsequent 4624 successes, spotting NLA bypass patterns, and summarizing source-IP trends for actionable alerts.
View Details

EDR Credential Dumping Detection

detecting-t1003-credential-dumping-with-edr
mukul975/Anthropic-Cybersecurity-Skills
437
Detects credential dumping T1003 activity by correlating EDR telemetry, Sysmon process access, and Windows security events to flag suspicious LSASS, SAM, NTDS, and cached credential access, guiding SOCs through containment and lateral movement analysis.
View Details

Sysmon Injection Detection

detecting-t1055-process-injection-with-sysmon
mukul975/Anthropic-Cybersecurity-Skills
294
Detects MITRE T1055 process injection techniques by correlating Sysmon events for remote thread creation, suspicious process access, anomalous DLL loading, and process hollowing to validate detections and feed SIEM alerts in threat-hunting workflows.
View Details

NTLM Relay Hunting

hunting-for-ntlm-relay-attacks
mukul975/Anthropic-Cybersecurity-Skills
207
Analyzes Windows Event 4624 logon type 3 with NTLMSSP to flag IP-hostname mismatches, Responder indicators, SMB signing weaknesses, and rapid domain authentications for NTLM relay detection.
View Details

Scheduled Task Persistence Hunt

hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills
145
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing creation events, suspicious task actions, and unusual scheduling patterns across EDR and SIEM telemetry to validate detections and inform incident response.
View Details

LOLBAS Detection Rules

hunting-living-off-the-land-binaries
mukul975/Anthropic-Cybersecurity-Skills
103
Monitors Windows process creation events to flag Living Off The Land Binary abuse by matching Event ID 4688/Sysmon 1 logs against LOLBAS database entries, supporting threat hunting and SIEM rule creation for fileless attacks.
View Details

Continuous Security Validation

implementing-continuous-security-validation-with-bas
mukul975/Anthropic-Cybersecurity-Skills
107
Deploy BAS platforms to continuously emulate attacker techniques across MITRE ATT&CK, score prevention/detection, and validate controls from email gateways to cloud workloads in a safe automated loop.
View Details

Datadog Security Monitoring

implementing-security-monitoring-with-datadog
mukul975/Anthropic-Cybersecurity-Skills
54
Set up Datadog Cloud SIEM with log analysis, detection rules, dashboards, and automated alerts to monitor and respond to security events across cloud and hybrid infrastructure.
View Details

Lateral Movement Detection

performing-lateral-movement-detection
mukul975/Anthropic-Cybersecurity-Skills
156
Detects lateral movement techniques such as Pass-the-Hash, PsExec, WMI, RDP, and SMB pivots through SIEM correlation of Windows event logs, network flows, and endpoint telemetry aligned with MITRE ATT&CK TA0008 for SOC response and investigation.
View Details
Prev12
Language
简体中文
English