Skill UI

This tool provides a comprehensive framework for analyzing web server logs (Apache/Nginx) to detect various security threats. It uses advanced regex matching against OWASP attack signatures to identify SQL injection, Local File Inclusion, and Directory Traversal attempts, alongside behavioral analysis for brute-force attacks and web scanner fingerprints. The system also enriches data using GeoIP for source attribution, generating a prioritized report for SOC analysts.

This guide provides advanced detection methods and threat hunting queries (KQL/SPL) to identify abuse of Azure service principals. It covers techniques such as privilege escalation, credential compromise, unauthorized role assignment, and enumeration, essential for SOC analysts and security teams monitoring Microsoft Entra ID.

This framework detects NTLM relay attacks across Active Directory environments by correlating Windows Security Event 4624 (LogonType 3). It identifies key indicators such as IP-to-hostname mismatches, Responder/LLMNR poisoning artifacts, and non-enforced SMB/LDAP signing, providing comprehensive threat detection for T1557.001.