Download

Skill UI

Browse and discover 6201+ curated skills

All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages

Search Events , found 117 results

Default Newest Most Downloaded

Living Off Land Detection

detecting-living-off-the-land-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detects suspicious use of legitimate Windows binaries (LOLBins) by monitoring process creation, command-line arguments, parent relationships, and network events, supporting Sysmon, Sigma, and SIEM workflows when hunting fileless/living-off-the-land attacks.

Detect Pass-The-Ticket Attacks

detecting-pass-the-ticket-attacks

mukul975/Anthropic-Cybersecurity-Skills

Analyzes Windows Security events in Splunk or Elastic to surface anomalous Kerberos ticket use, highlighting RC4 downgrades, cross-host reuse, and high-volume service requests to expose Pass-the-Ticket attacks.

Detecting S3 Exfiltration

detecting-s3-data-exfiltration-attempts

mukul975/Anthropic-Cybersecurity-Skills

Detect S3 data exfiltration by correlating CloudTrail data events, GuardDuty findings, Macie alerts, and access patterns to flag bulk downloads or cross-account transfers.

EDR Credential Dumping Detection

detecting-t1003-credential-dumping-with-edr

mukul975/Anthropic-Cybersecurity-Skills

Detects credential dumping T1003 activity by correlating EDR telemetry, Sysmon process access, and Windows security events to flag suspicious LSASS, SAM, NTDS, and cached credential access, guiding SOCs through containment and lateral movement analysis.

Sysmon Injection Detection

detecting-t1055-process-injection-with-sysmon

mukul975/Anthropic-Cybersecurity-Skills

Detects MITRE T1055 process injection techniques by correlating Sysmon events for remote thread creation, suspicious process access, anomalous DLL loading, and process hollowing to validate detections and feed SIEM alerts in threat-hunting workflows.

WMI Subscription Persistence

hunting-for-persistence-via-wmi-subscriptions

mukul975/Anthropic-Cybersecurity-Skills

Guide to hunting WMI-based persistence by monitoring Sysmon and Windows WMI subscription creation events, enumerating dangerous filters and consumers, analyzing triggers, and correlating WmiPrvSe.exe activity and MOF compilation to detect stealthy threats.

Process Injection Hunting

hunting-for-process-injection-techniques

mukul975/Anthropic-Cybersecurity-Skills

Detects T1055 process injection techniques by parsing Sysmon events (IDs 1, 8, 10), flagging suspicious CreateRemoteThread and access rights, scoring severity, and producing JSON reports plus injection relationship graphs for threat hunting.

Registry Run Key Hunting

hunting-for-registry-run-key-persistence

mukul975/Anthropic-Cybersecurity-Skills

Guides threat hunters through analyzing Sysmon Event ID 13 and related events to detect MITRE ATT&CK T1547.001 registry Run key persistence, highlighting suspicious paths, LOLBin usage, encoded scripts, and how to escalate findings into Sigma/Splunk rules.

Scheduled Task Persistence Hunt

hunting-for-scheduled-task-persistence

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary persistence via Windows Scheduled Tasks by analyzing creation events, suspicious task actions, and unusual scheduling patterns across EDR and SIEM telemetry to validate detections and inform incident response.

Suspicious Scheduled Task Hunt

hunting-for-suspicious-scheduled-tasks

mukul975/Anthropic-Cybersecurity-Skills

Hunt for persistence via Windows scheduled tasks by analyzing creation events, suspicious properties, and execution anomalies to catch T1053.005 abuse during threat hunting or incident response.

LOLBAS Detection Rules

hunting-living-off-the-land-binaries

mukul975/Anthropic-Cybersecurity-Skills

Monitors Windows process creation events to flag Living Off The Land Binary abuse by matching Event ID 4688/Sysmon 1 logs against LOLBAS database entries, supporting threat hunting and SIEM rule creation for fileless attacks.

Diamond Model Intrusion Analysis

implementing-diamond-model-analysis

mukul975/Anthropic-Cybersecurity-Skills

Implements the Diamond Model of Intrusion Analysis in Python to classify events, link them into activity threads, and pivot on shared adversaries, capabilities, or infrastructure for richer intelligence reporting.

Prev 1 2 3...6 7 8910 Next

Language