Skill UI

This skill provides comprehensive detection methods for credential dumping techniques, a critical post-exploitation phase in cyber attacks. It targets the extraction of sensitive credentials from LSASS memory, SAM registry hives, and NTDS.dit using advanced security visibility. Detection relies on analyzing Sysmon Event ID 10 (ProcessAccess), Windows Security logs, and complex SIEM correlation rules, making it essential for SOC analysts and threat hunters investigating advanced persistent threats (APTs).

This skill focuses on threat hunting techniques to detect adversaries leveraging Living Off the Land Binaries (LOLBins). By analyzing detailed endpoint process creation logs (e.g., Sysmon), practitioners can identify suspicious execution patterns of legitimate Windows system binaries (like certutil, mshta, rundll32) used for malicious fileless attacks or defense evasion. It is crucial for improving detection coverage against advanced persistent threats.

This guide details the implementation of robust API abuse detection mechanisms. It covers advanced rate limiting techniques, such as the Token Bucket and Sliding Window algorithms, to defend APIs against DDoS attacks, brute force attempts, and credential stuffing. It emphasizes using distributed stores like Redis for accurate, scalable, and adaptive security controls in an API gateway context.

This guide details how to implement advanced SIEM correlation rules to detect sophisticated Advanced Persistent Threats (APTs). By chaining multiple event types—including Windows authentication events, process execution telemetry, and network connection logs—across hosts, users can surface complex attack sequences that are invisible to single-event detections. It utilizes Splunk SPL and Sigma rule formats for robust security posture enhancement.

Provides Playwright-driven browser automation for scraping structured data, driving multi-step workflows, managing sessions and anti-detection tactics, and capturing screenshots/PDFs in production pipelines.

A comprehensive skill for conducting authorized Bluetooth Low Energy (BLE) security assessments. It covers detecting various attacks, including sniffing, Man-in-the-Middle interception, replay attacks, and GATT enumeration abuse. The workflow guides users through packet capture using specialized sniffers (Ubertooth, nRF Sniffer), analyzing services and characteristics via Python/bleak, and performing cryptographic analysis using tools like crackle.

A comprehensive tool for creating high-quality training datasets for custom object detection and segmentation models. It supports multiple advanced annotation methods including BBox drawing, SAM2 pixel-perfect segmentation, and DINOv3 visual grounding. Features include AI auto-detection, object tracking, and standardized COCO format export, streamlining the entire data pipeline from capture to training.

This skill provides a deep dive into the architecture of low-level keyloggers. It covers techniques such as kernel driver hooks, using WH_KEYBOARD_LL, ETW-based input capture, and analyzing user-mode vs. kernel-mode approaches. Use this methodology to understand input capture mechanisms, research EDR evasion methods, or analyze malware architecture for advanced security threat detection.