Skill UI

This skill guides the detection of Golden Ticket attacks within Active Directory by analyzing Kerberos logs (Event IDs 4768, 4769, 4771). It hunts for critical anomalies, such as mismatched encryption types (e.g., RC4 in AES environments), impossible ticket lifetimes, or service tickets appearing without a prior ticket grant request. This is essential for post-breach assessment and advanced threat hunting in domain environments.

This skill utilizes the Thinkst Canary REST API to programmatically deploy various decoy tokens, including web bugs, DNS records, MS Word documents, and AWS API keys. By monitoring these fake resources, the system detects unauthorized internal or external access attempts, providing early warnings and generating detailed deception coverage reports to strengthen security architecture.

This skill guides the deployment of canary tokens and honeytokens across critical systems, such as fake AWS credentials, DNS records, and document beacons. These decoys are designed to trigger immediate alerts via webhooks when accessed by attackers, serving as a powerful early warning system for breach detection and intrusion detection.

This comprehensive benchmark suite evaluates the performance of Vision-Language Models (VLM) on complex video anomaly detection tasks using the SmartHome-Bench dataset. It covers a wide range of real-world smart home scenarios, including security breaches, elderly fall detection, and unusual pet behavior. Unlike single-frame analysis, this benchmark requires deep multi-frame video understanding, making it a robust tool for testing the advanced AI capabilities of video monitoring systems.