Skill UI: browse and discover 6051+ curated skills
Found 205 results
Detect C2 Beaconing Patterns
hunting-for-command-and-control-beaconing
mukul975/Anthropic-Cybersecurity-Skills
469
Detect C2 beaconing patterns by analyzing network telemetry for regular intervals, jitter, and domain reputation to find compromised endpoints communicating with adversary infrastructure before outbreaks escalate.
Data Exfiltration Hunt
hunting-for-data-exfiltration-indicators
mukul975/Anthropic-Cybersecurity-Skills
264
Conduct proactive threat hunts for data exfiltration by analyzing network transfers, spotting DNS tunneling, cloud uploads, and encrypted channel abuse to validate suspicious outbound flows in incident response.
Detect DCSync Threats
hunting-for-dcsync-attacks
mukul975/Anthropic-Cybersecurity-Skills
374
Guide for hunting DCSync credential theft by analyzing Windows Event ID 4662, filtering unauthorized DS-Replication-Get-Changes requests, correlating with known DCs, and validating findings before response actions.
Zeek DNS Tunneling Hunt
hunting-for-dns-tunneling-with-zeek
mukul975/Anthropic-Cybersecurity-Skills
95
Detect DNS tunneling data exfiltration by analyzing Zeek dns.log for high-entropy subdomains, long queries, unusual record types, and elevated volume, correlating with connection metadata and threat intelligence.
Living Off-the-Land Hunt
hunting-for-living-off-the-land-binaries
mukul975/Anthropic-Cybersecurity-Skills
92
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) by analyzing EDR/SIEM telemetry, correlating network activity, and documenting findings to inform detections for defense-evasion scenarios.
WMI Subscription Persistence
hunting-for-persistence-via-wmi-subscriptions
mukul975/Anthropic-Cybersecurity-Skills
442
Guide to hunting WMI-based persistence by monitoring Sysmon and Windows WMI subscription creation events, enumerating dangerous filters and consumers, analyzing triggers, and correlating WmiPrvSe.exe activity and MOF compilation to detect stealthy threats.
Registry Run Key Hunting
hunting-for-registry-run-key-persistence
mukul975/Anthropic-Cybersecurity-Skills
436
Detects MITRE ATT&CK T1547.001 persistence by analyzing Sysmon Event ID 13 and related logs to spot malicious registry Run/RunOnce entries and unusual modifying processes, and builds Sigma/Splunk alerts for response.
Scheduled Task Persistence Hunt
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills
145
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing creation events, suspicious task actions, and unusual scheduling patterns across EDR and SIEM telemetry to validate detections and inform incident response.
Startup Folder Persistence Detection
hunting-for-startup-folder-persistence
mukul975/Anthropic-Cybersecurity-Skills
186
Detects MITRE T1547.001 startup folder persistence by scanning Windows startup directories, analyzing file metadata/signatures, and using Python watchdog to raise real-time alerts on suspicious creations.
Suspicious Scheduled Task Hunt
hunting-for-suspicious-scheduled-tasks
mukul975/Anthropic-Cybersecurity-Skills
463
Hunt for persistence via Windows scheduled tasks by analyzing creation events, suspicious properties, and execution anomalies to catch T1053.005 abuse during threat hunting or incident response.
Webshell Hunting Workflow
hunting-for-webshell-activity
mukul975/Anthropic-Cybersecurity-Skills
399
Hunt for web shell deployments on internet-facing servers by analyzing file writes, spawned processes, and HTTP anomalies; use this guide during proactive threat-hunting, incident response, and SIEM/EDR detection tuning.
SIEM Detection Tuning
implementing-siem-use-case-tuning
mukul975/Anthropic-Cybersecurity-Skills
108
Tune SIEM detection rules to reduce false positives and alert fatigue by analyzing alert volumes, building baselines, creating whitelists, and tracking precision/recall for Splunk and Elastic workflows.