Login
Download
Skill UI
Browse and discover
10704+
curated skills
All
Development
Artificial Intelligence
Design & Creative
Product & Business
Data Science
Marketing
Soft Skills
Productivity
Engineering
Languages
Search
threat-hunting
, found
30
results
Default
Newest
Most Downloaded
Detecting Fileless Malware And Persistence Techniques
detecting-fileless-malware-techniques
mukul975/Anthropic-Cybersecurity-Skills
233
This script detects and analyzes sophisticated fileless malware techniques that operate entirely in system memory. It specializes in identifying threats that utilize Living Off the Land Binaries (LOLBins), WMI event subscriptions, and registry-resident payloads, bypassing traditional file-based security controls. It is ideal for forensic investigations, threat hunting, and building advanced detection rules in modern enterprise environments.
View Details
Detecting Suspicious PowerShell Execution Patterns
detecting-suspicious-powershell-execution
mukul975/Anthropic-Cybersecurity-Skills
168
This utility provides a comprehensive framework for proactive threat hunting, focusing on detecting advanced and suspicious PowerShell execution patterns. It covers common attacker techniques such as encoded command usage, download cradles (IEX), AMSI bypass attempts, and constrained language mode evasion. It is designed for security analysts during incident response and threat intelligence validation, requiring EDR and SIEM telemetry.
View Details
Detecting C2 Beaconing Via Frequency Analysis
hunting-for-beaconing-with-frequency-analysis
mukul975/Anthropic-Cybersecurity-Skills
403
This skill provides a systematic methodology for detecting Command and Control (C2) beaconing patterns in network traffic. It utilizes advanced statistical techniques, including Coefficient of Variation (CV) and jitter analysis, applied to network flow logs (Zeek, proxy, firewall). It is crucial for proactive threat hunting and incident response to identify compromised endpoints communicating periodically with malicious infrastructure.
View Details
Hunting For Data Exfiltration Indicators
hunting-for-data-exfiltration-indicators
mukul975/Anthropic-Cybersecurity-Skills
237
This skill provides advanced threat hunting techniques to detect unauthorized data exfiltration. It guides the analysis of network traffic, DNS queries, and cloud uploads to identify unusual data flows, DNS tunneling, and abuse of encrypted channels, essential for incident response and preventing data loss.
View Details
Detecting Timestomping via MFT Analysis
hunting-for-defense-evasion-via-timestomping
mukul975/Anthropic-Cybersecurity-Skills
70
This skill detects anti-forensic timestomping by analyzing NTFS Master File Table (MFT) entries. It compares timestamps from the $STANDARD_INFORMATION attribute (user-modifiable) against the $FILE_NAME attribute (kernel-protected). Discrepancies, such as SI Created < FN Created, strongly indicate malicious manipulation and defense evasion. This methodology is crucial for advanced threat hunting and digital forensic investigations.
View Details
Detecting Domain Fronting C2 Traffic
hunting-for-domain-fronting-c2-traffic
mukul975/Anthropic-Cybersecurity-Skills
459
This skill detects domain fronting, an advanced technique used by attackers to mask Command and Control (C2) traffic. It analyzes proxy/web gateway logs for mismatches between the TLS SNI field and the HTTP Host header, combined with deep TLS certificate inspection using pyOpenSSL. This is crucial for security teams investigating sophisticated network threats and validating detection coverage.
View Details
Hunting for NTLM Relay Attacks Detection
hunting-for-ntlm-relay-attacks
mukul975/Anthropic-Cybersecurity-Skills
389
This skill provides advanced threat hunting capabilities to detect NTLM relay attacks within Active Directory environments. It analyzes critical Windows Security Event 4624 logs, specifically focusing on logon type 3 using NTLMSSP authentication. The detection logic identifies suspicious patterns, including IP-to-hostname mismatches, rapid multi-host authentications, and lack of SMB signing enforcement, helping SOC analysts pinpoint unauthorized credential access attempts.
View Details
Detect WMI Persistence Via Event Subscriptions
hunting-for-persistence-via-wmi-subscriptions
mukul975/Anthropic-Cybersecurity-Skills
115
This guide details advanced threat hunting techniques to proactively uncover adversary persistence mechanisms leveraging Windows Management Instrumentation (WMI) event subscriptions. It monitors the creation and binding of WMI events (Filter, Consumer, Binding) to detect malicious, fileless backdoors used by sophisticated threat actors, especially when standard persistence locations are clean.
View Details
Hunting Registry Persistence Mechanisms In Windows
hunting-for-registry-persistence-mechanisms
mukul975/Anthropic-Cybersecurity-Skills
460
A detailed methodology for proactive threat hunting focused on identifying deep-seated persistence mechanisms within Windows operating systems. This guide covers advanced techniques such as monitoring Run keys, analyzing Winlogon modifications, detecting IFEO injection, and identifying COM object hijacking. It is crucial for incident response, purple teaming, and ensuring system integrity against advanced persistent threats (APTs).
View Details
Detecting Registry Run Key Persistence
hunting-for-registry-run-key-persistence
mukul975/Anthropic-Cybersecurity-Skills
429
This guide details a threat hunting technique for detecting persistence mechanisms utilizing Windows Registry Run keys (T1547.001). By analyzing Sysmon Event ID 13 logs, it identifies suspicious auto-start entries pointing to temporary directories, encoded PowerShell commands, or abused LOLBins. Essential for SOC analysts and security engineers investigating incidents and developing robust detection rules.
View Details
Hunting for Account Manipulation Techniques
hunting-for-t1098-account-manipulation
mukul975/Anthropic-Cybersecurity-Skills
404
This skill guides threat hunters in detecting MITRE ATT&CK T1098 account manipulation techniques. It focuses on analyzing Windows Security Event Logs (like 4738, 4728) to uncover shadow administration creation, suspicious group membership changes, SID history injection, and unauthorized credential modifications, crucial for incident response and building robust detection rules.
View Details
LOLBAS Detection Rules
hunting-living-off-the-land-binaries
mukul975/Anthropic-Cybersecurity-Skills
103
Monitors Windows process creation events to flag Living Off The Land Binary abuse by matching Event ID 4688/Sysmon 1 logs against LOLBAS database entries, supporting threat hunting and SIEM rule creation for fileless attacks.
View Details
Prev
1
2
3
Next
Language
简体中文
English