Skill UI: browse and discover 5987+ curated skills
Search "EDR": 35 results found
Scheduled Task Persistence Hunt
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills
145
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing creation events, suspicious task actions, and unusual scheduling patterns across EDR and SIEM telemetry to validate detections and inform incident response.
Shadow Copy Deletion Hunt
hunting-for-shadow-copy-deletion
mukul975/Anthropic-Cybersecurity-Skills
309
Workflow for detecting ransomware preparation and anti-forensics by hunting shadow copy deletion commands (vssadmin, WMIC, PowerShell) across EDR, SIEM, Sysmon, and threat intel to validate hypotheses and recommend containment.
Supply Chain Compromise Hunt
hunting-for-supply-chain-compromise
mukul975/Anthropic-Cybersecurity-Skills
149
Guides proactive hunting for supply chain compromise indicators across EDR and SIEM telemetry, validating results, correlating ATT&CK TTPs, and documenting findings to inform containment and detection tuning.
Unusual Network Connection Hunt
hunting-for-unusual-network-connections
mukul975/Anthropic-Cybersecurity-Skills
116
Hunt for unusual outbound traffic by reviewing EDR/SIEM telemetry, correlating rare destinations, non-standard ports, and anomalous frequencies to flag compromised hosts, validate true positives, and guide containment or investigation.
Webshell Hunting Workflow
hunting-for-webshell-activity
mukul975/Anthropic-Cybersecurity-Skills
399
Hunt for web shell deployments on internet-facing servers by analyzing file writes, spawned processes, and HTTP anomalies; use this guide during proactive threat-hunting, incident response, and SIEM/EDR detection tuning.
Continuous Security Validation
implementing-continuous-security-validation-with-bas
mukul975/Anthropic-Cybersecurity-Skills
107
Deploy BAS platforms to continuously emulate attacker techniques across MITRE ATT&CK, score prevention/detection, and validate controls from email gateways to cloud workloads in a safe automated loop.
USB Device Control Policy
implementing-usb-device-control-policy
mukul975/Anthropic-Cybersecurity-Skills
363
Implements a USB device control policy across GPO, Intune, or EDR to block unauthorized removable media while allowing approved USB devices, preventing data exfiltration and malware introduction and supporting compliance tracking.
Cloud Storage Forensic Acquisition
performing-cloud-storage-forensic-acquisition
mukul975/Anthropic-Cybersecurity-Skills
255
Performs forensic acquisition of cloud storage services such as Google Drive, OneDrive, Dropbox, and Box by combining API-based remote exports with endpoint sync-client artifacts, while logging each download and export for ongoing investigations.
Privilege Escalation Assessment
performing-privilege-escalation-assessment
mukul975/Anthropic-Cybersecurity-Skills
347
Performs privilege escalation assessments on compromised Linux and Windows hosts to trace paths from low-privilege shells to root/SYSTEM control. Enumerates misconfigurations, SUID binaries, kernel exploits, and credential stores so testers can demonstrate escalation impact and validate controls like least-privilege policies and EDR detections.
Atomic Threat Emulation
performing-threat-emulation-with-atomic-red-team
mukul975/Anthropic-Cybersecurity-Skills
318
Uses atomic-operator to execute Atomic Red Team tests and validate MITRE ATT&CK detection coverage, ideal for exercising SIEM/EDR safeguards and documenting detection gaps during purple team assessments.
Security Incident Triage
triaging-security-incident
mukul975/Anthropic-Cybersecurity-Skills
50
Guides SOC analysts through initial triage of SIEM/EDR alerts using NIST SP 800-61r3 and SANS PICERL, classifying incidents, assessing severity via impact matrices, enriching with threat and asset context, and escalating to the right response team with containment steps.