Login
Download
Skill UI
Browse and discover
10704+
curated skills
All
Development
Artificial Intelligence
Design & Creative
Product & Business
Data Science
Marketing
Soft Skills
Productivity
Engineering
Languages
Search
IDE
, found
7509
results
Default
Newest
Most Downloaded
Hunting Process Injection Techniques via Sysmon
hunting-for-process-injection-techniques
mukul975/Anthropic-Cybersecurity-Skills
121
This skill provides a structured methodology for detecting process injection techniques (MITRE ATT&CK T1055), which adversaries use for defense evasion and privilege escalation. It analyzes granular security logs, specifically utilizing Sysmon Event IDs 8 (CreateRemoteThread) and 10 (ProcessAccess), alongside source-target process relationship mapping to identify suspicious malicious behavior over general system activity.
View Details
Hunting Registry Persistence Mechanisms In Windows
hunting-for-registry-persistence-mechanisms
mukul975/Anthropic-Cybersecurity-Skills
460
A detailed methodology for proactive threat hunting focused on identifying deep-seated persistence mechanisms within Windows operating systems. This guide covers advanced techniques such as monitoring Run keys, analyzing Winlogon modifications, detecting IFEO injection, and identifying COM object hijacking. It is crucial for incident response, purple teaming, and ensuring system integrity against advanced persistent threats (APTs).
View Details
Detecting Registry Run Key Persistence
hunting-for-registry-run-key-persistence
mukul975/Anthropic-Cybersecurity-Skills
429
This guide details a threat hunting technique for detecting persistence mechanisms utilizing Windows Registry Run keys (T1547.001). By analyzing Sysmon Event ID 13 logs, it identifies suspicious auto-start entries pointing to temporary directories, encoded PowerShell commands, or abused LOLBins. Essential for SOC analysts and security engineers investigating incidents and developing robust detection rules.
View Details
Scheduled Task Persistence Hunting Guide
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills
130
This guide provides a structured methodology for proactively hunting adversaries who establish persistence using Windows Scheduled Tasks (T1053). It outlines the necessary prerequisites (EDR, SIEM, Sysmon) and a comprehensive workflow—from hypothesis formulation to threat correlation—for detecting suspicious task creation, unusual scheduling patterns, and attacker TTPs during incident response or red teaming.
View Details
Hunting Shadow Copy Deletion Activity
hunting-for-shadow-copy-deletion
mukul975/Anthropic-Cybersecurity-Skills
424
This methodology guides security professionals in proactively hunting for suspicious activity related to Volume Shadow Copy deletion. By monitoring commands like vssadmin, wmic, and PowerShell usage, it helps detect anti-forensics techniques and preparatory steps often executed by ransomware actors, crucial during incident response or threat hunting exercises.
View Details
Hunting For Spearphishing Indicators Detection
hunting-for-spearphishing-indicators
mukul975/Anthropic-Cybersecurity-Skills
443
This guide details a structured threat hunting methodology designed to proactively detect sophisticated spearphishing campaigns. It instructs users on correlating indicators across email logs, endpoint telemetry (EDR), and network data (SIEM) to identify targeted threats, supporting incident response and security posture improvement.
View Details
Hunting Startup Folder Persistence Mechanisms
hunting-for-startup-folder-persistence
mukul975/Anthropic-Cybersecurity-Skills
246
Detects persistence mechanisms (T1547.001) by monitoring critical Windows startup directories. This skill analyzes autoruns entries, monitors for real-time file system changes using Python watchdog, and examines file metadata (like creation timestamps and digital signatures) to identify suspicious implants and unauthorized execution points.
View Details
Hunting For Supply Chain Compromise Indicators
hunting-for-supply-chain-compromise
mukul975/Anthropic-Cybersecurity-Skills
487
This guide details proactive threat hunting techniques focused on detecting supply chain compromises. Use it when investigating trojanized software updates, compromised dependencies (npm/PyPI), or tampered build artifacts. It outlines a structured workflow using EDR/SIEM data (CrowdStrike, Splunk) to identify hidden threats and scope the impact of sophisticated attacks.
View Details
Detecting Suspicious Scheduled Tasks
hunting-for-suspicious-scheduled-tasks
mukul975/Anthropic-Cybersecurity-Skills
173
A comprehensive threat hunting methodology designed to detect adversary persistence and execution mechanisms utilizing Windows Scheduled Tasks (T1053.005). This guide covers analyzing task creation events (Event ID 4698), suspicious properties, unusual triggers, and correlating activity with process execution logs (Sysmon). Ideal for incident responders and security analysts conducting proactive threat hunting on compromised endpoints.
View Details
Hunting for Account Manipulation Techniques
hunting-for-t1098-account-manipulation
mukul975/Anthropic-Cybersecurity-Skills
404
This skill guides threat hunters in detecting MITRE ATT&CK T1098 account manipulation techniques. It focuses on analyzing Windows Security Event Logs (like 4738, 4728) to uncover shadow administration creation, suspicious group membership changes, SID history injection, and unauthorized credential modifications, crucial for incident response and building robust detection rules.
View Details
Hunting Unusual Network Connections
hunting-for-unusual-network-connections
mukul975/Anthropic-Cybersecurity-Skills
404
A proactive methodology for detecting signs of compromise by analyzing outbound network traffic. This technique focuses on identifying anomalous patterns, such as connections to rare destinations, non-standard ports (T1571), or unusual connection frequencies, which often indicate Command and Control (C2) activity or data exfiltration.
View Details
Detect Suspicious Windows Service Installations
hunting-for-unusual-service-installations
mukul975/Anthropic-Cybersecurity-Skills
117
A specialized threat hunting skill that analyzes System event logs (Event ID 7045) to detect suspicious Windows service installations. It parses service binary paths, identifies indicators of persistence mechanisms, and maps findings to MITRE ATT&CK techniques (T1543.003), helping security analysts uncover covert persistence methods.
View Details
Prev
1
2
3
...
288
289
290
291
292
293
294
...
624
625
626
Next
Language
简体中文
English