Skill UI

A proactive, hypothesis-driven skill designed to hunt for Advanced Persistent Threats (APT) within complex enterprise environments. It analyzes endpoint telemetry, network logs, and memory artifacts using frameworks like MITRE ATT&CK. Use this skill when investigating anomalous behavior flagged by UEBA, conducting scheduled threat sprints, or validating exposure to known TTPs using tools like Velociraptor and osquery.

This guide provides a structured methodology for proactively hunting adversaries who establish persistence using Windows Scheduled Tasks (T1053). It outlines the necessary prerequisites (EDR, SIEM, Sysmon) and a comprehensive workflow—from hypothesis formulation to threat correlation—for detecting suspicious task creation, unusual scheduling patterns, and attacker TTPs during incident response or red teaming.