Skill UI
Browse and discover 6191+ curated skills
Search: CI, found 1848 results
Detect WMI Lateral Movement
hunting-for-lateral-movement-via-wmi
mukul975/Anthropic-Cybersecurity-Skills
422
Detect WMI-based lateral movement by analyzing Windows Event ID 4688 and Sysmon Event ID 1 logs for WmiPrvSE.exe child processes, suspicious command lines, and WMI event subscriptions that signal persistence or remote execution during incident response.
LOLBin Execution Hunting
hunting-for-lolbins-execution-in-endpoint-logs
mukul975/Anthropic-Cybersecurity-Skills
80
Analyzes endpoint process logs to spot malicious use of legitimate Windows binaries, guiding hunters through watchlists, unusual argument detection, parent-child correlation, and scoring steps for LOLBin-based campaigns.
NTLM Relay Detection Guide
hunting-for-ntlm-relay-attacks
mukul975/Anthropic-Cybersecurity-Skills
164
Detect NTLM relay attacks by analyzing Windows Security Event 4624 logon type 3 entries with NTLMSSP, correlating WorkstationName/IP inconsistencies, SMB signing state, and named pipe activity to surface suspicious authentication flows with MITRE T1557.001 mapping.
Process Injection Hunting
hunting-for-process-injection-techniques
mukul975/Anthropic-Cybersecurity-Skills
159
Detects T1055 process injection techniques by parsing Sysmon events (IDs 1, 8, 10), flagging suspicious CreateRemoteThread and access rights, scoring severity, and producing JSON reports plus injection relationship graphs for threat hunting.
Registry Run Key Hunting
hunting-for-registry-run-key-persistence
mukul975/Anthropic-Cybersecurity-Skills
330
Guides threat hunters through analyzing Sysmon Event ID 13 and related events to detect MITRE ATT&CK T1547.001 registry Run key persistence, highlighting suspicious paths, LOLBin usage, encoded scripts, and how to escalate findings into Sigma/Splunk rules.
Scheduled Task Persistence Hunt
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills
290
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing creation events, suspicious task actions, and unusual scheduling patterns across EDR and SIEM telemetry to validate detections and inform incident response.
Startup Folder Persistence Detection
hunting-for-startup-folder-persistence
mukul975/Anthropic-Cybersecurity-Skills
71
Detect Windows startup folder persistence by scanning user and system autostart directories, flagging suspicious file types, monitoring real-time changes via Python watchdog, and generating T1547.001-aligned threat hunting reports for incident responders.
Suspicious Scheduled Task Hunt
hunting-for-suspicious-scheduled-tasks
mukul975/Anthropic-Cybersecurity-Skills
284
Hunt for persistence via Windows scheduled tasks by analyzing creation events, suspicious properties, and execution anomalies to catch T1053.005 abuse during threat hunting or incident response.
Unusual Network Connection Hunt
hunting-for-unusual-network-connections
mukul975/Anthropic-Cybersecurity-Skills
266
Hunt for unusual outbound traffic by reviewing EDR/SIEM telemetry, correlating rare destinations, non-standard ports, and anomalous frequencies to flag compromised hosts, validate true positives, and guide containment or investigation.
Hunt Unusual Service Installs
hunting-for-unusual-service-installations
mukul975/Anthropic-Cybersecurity-Skills
349
Detect suspicious Windows service installations by parsing System event logs for Event ID 7045, analyzing service binaries and paths, and highlighting persistence indicators tied to MITRE ATT&CK T1543.003 for focused SOC response.
Webshell Hunting Workflow
hunting-for-webshell-activity
mukul975/Anthropic-Cybersecurity-Skills
174
Hunt for web shell deployments on internet-facing servers by analyzing file writes, spawned processes, and HTTP anomalies; use this guide during proactive threat-hunting, incident response, and SIEM/EDR detection tuning.
Webshell Hunting Agent
hunting-for-webshells-in-web-servers
mukul975/Anthropic-Cybersecurity-Skills
228
Scans web server roots for high-entropy files, suspicious PHP/JSP/ASP payloads, and recent modifications to flag obfuscated webshells via entropy thresholds, regex signatures, and file metadata.