Download

Skill UI

Browse and discover 6186+ curated skills

All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages

Search threat-hunting , found 35 results

Default Newest Most Downloaded

Threat Hunt Hypothesis

building-threat-hunt-hypothesis-framework

mukul975/Anthropic-Cybersecurity-Skills

Establishes a systematic process that turns threat intelligence, ATT&CK gaps, and telemetry into testable hunting hypotheses, guiding analysts through data selection, query execution, and reporting for proactive detection and response.

Deploy Osquery Endpoint Monitoring

deploying-osquery-for-endpoint-monitoring

mukul975/Anthropic-Cybersecurity-Skills

Guides deploying and configuring osquery agents across Windows, macOS, and Linux to gain SQL-based visibility into running processes, ports, installed software, and compliance state for fleet monitoring, threat hunting, and SIEM integration.

Detecting BOPLA Vulnerabilities

detecting-broken-object-property-level-authorization

mukul975/Anthropic-Cybersecurity-Skills

Helps security testers detect Broken Object Property Level Authorization flaws by checking for excessive data exposure and mass assignment in APIs, supporting rule development and automated threat hunting workflows.

Insider Threat Detection

detecting-insider-threat-behaviors

mukul975/Anthropic-Cybersecurity-Skills

Detects insider threat behaviors by hunting for unusual data access, privilege abuse, mass downloads, and resignation-linked exfiltration across EDR, SIEM, and intelligence sources to guide incident response actions.

Mimikatz Execution Detection

detecting-mimikatz-execution-patterns

mukul975/Anthropic-Cybersecurity-Skills

Detect execution patterns of Mimikatz by correlating command-line signatures, LSASS access anomalies, binary indicators, and in-memory modules across EDR and SIEM telemetry, supporting proactive threat hunting and incident response.

Zeek Network Anomaly Detection

detecting-network-anomalies-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

Deploys Zeek to passively monitor network traffic, emit structured connection/DNS/HTTP/SSL logs, and run custom scripts that flag anomalous behavior for threat hunting and incident response teams.

Sysmon Injection Detection

detecting-t1055-process-injection-with-sysmon

mukul975/Anthropic-Cybersecurity-Skills

Detects MITRE T1055 process injection techniques by correlating Sysmon events for remote thread creation, suspicious process access, anomalous DLL loading, and process hollowing to validate detections and feed SIEM alerts in threat-hunting workflows.

Advanced Threat Hunting

hunting-advanced-persistent-threats

mukul975/Anthropic-Cybersecurity-Skills

Hunt for Advanced Persistent Threats across endpoints, network logs, and memory using MITRE ATT&CK hypotheses, Velociraptor/osquery queries, and SIEM pivots to validate threats or gaps before escalation.

Anomalous PowerShell Hunting

hunting-for-anomalous-powershell-execution

mukul975/Anthropic-Cybersecurity-Skills

Analyzes PowerShell EVTX logs to flag obfuscated script block execution, encoded commands, AMSI bypass attempts, download cradles, credential dumping keywords, and other anomalous behaviors, helping SOC analysts and threat hunters prioritize findings.

Detect DCSync Threats

hunting-for-dcsync-attacks

mukul975/Anthropic-Cybersecurity-Skills

Guide for hunting DCSync credential theft by analyzing Windows Event ID 4662, filtering unauthorized DS-Replication-Get-Changes requests, correlating with known DCs, and validating findings before response actions.

Zeek DNS Tunneling Hunt

hunting-for-dns-tunneling-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

Detect DNS tunneling data exfiltration by analyzing Zeek dns.log for high-entropy subdomains, long queries, unusual record types, and elevated volume, correlating with connection metadata and threat intelligence.

WMI Subscription Persistence

hunting-for-persistence-via-wmi-subscriptions

mukul975/Anthropic-Cybersecurity-Skills

Guide to hunting WMI-based persistence by monitoring Sysmon and Windows WMI subscription creation events, enumerating dangerous filters and consumers, analyzing triggers, and correlating WmiPrvSe.exe activity and MOF compilation to detect stealthy threats.

Language