Download

Skill UI

Browse and discover 6928+ curated skills

All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages

Search Log Hunting , found 35 results

Default Newest Most Downloaded

Pass Hash Attack Detection

detecting-pass-the-hash-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detects Pass-the-Hash attacks by analyzing NTLM logon patterns and correlating credential dumping telemetry via SIEM/EDR hunting, aiding proactive threat hunting, incident response, and purple-team exercises.

Service Account Abuse Detection

detecting-service-account-abuse

mukul975/Anthropic-Cybersecurity-Skills

Structured threat-hunting workflow that detects anomalous service-account logons, lateral movement, and privilege escalation by guiding analysts through hypothesis formation, SIEM/EDR querying, correlation and validation for proactive response.

Hunt Advanced Persistent Threats

hunting-advanced-persistent-threats

mukul975/Anthropic-Cybersecurity-Skills

Proactively hunt for Advanced Persistent Threats (APTs) by building hypothesis-driven searches across telemetry, network logs, and memory artifacts, using MITRE ATT&CK, Velociraptor, osquery, Zeek, and Sigma-compatible playbooks to validate or rule out known TTPs.

Credential Stuffing Hunting

hunting-credential-stuffing-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detects and investigates credential stuffing by analyzing authentication logs for login velocity anomalies, ASN diversity, password spray behavior, and geographic inconsistencies so SOC teams can build detection rules with Splunk or pandas.

Anomalous PowerShell Hunt

hunting-for-anomalous-powershell-execution

mukul975/Anthropic-Cybersecurity-Skills

Analyzes Script Block Logging (4104), Module Logging (4103), and process creation events in EVTX exports to detect obfuscated PowerShell activity, AMSI bypass attempts, encoded payloads, download cradles, credential dumping, and to prioritize findings for SOC analysts.

Beaconing Frequency Hunting

hunting-for-beaconing-with-frequency-analysis

mukul975/Anthropic-Cybersecurity-Skills

Apply frequency analysis, jitter metrics, and coefficient-of-variation scoring to Zeek/proxy logs and SIEM data to surface periodic C2 beaconing, enrich with threat intelligence, correlate endpoints, and prioritize high-risk callbacks during threat hunting.

DNS Persistence Hunting Guide

hunting-for-dns-based-persistence

mukul975/Anthropic-Cybersecurity-Skills

Step-by-step skill to hunt DNS-based persistence by auditing zone baselines, querying SecurityTrails passive DNS, analyzing provider audit logs, and correlating anomalies to malicious infrastructure for actionable reports.

Zeek DNS Tunnel Detection

hunting-for-dns-tunneling-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

Analyze Zeek dns.log for long queries, high-entropy subdomains, unusual record types, and query volumes to detect DNS tunneling and covert data exfiltration before it reaches other channels.

Domain Fronting Detection

hunting-for-domain-fronting-c2-traffic

mukul975/Anthropic-Cybersecurity-Skills

Detects domain fronting C2 traffic by comparing TLS SNI and HTTP Host headers from proxy logs, leveraging pyOpenSSL to inspect certificate issuers and SANs, correlating CDN providers and IP ranges, and scoring alerts for high-confidence threat hunting.

Detect WMI Lateral Movement

hunting-for-lateral-movement-via-wmi

mukul975/Anthropic-Cybersecurity-Skills

Hunt for WMI-based lateral movement by parsing Windows Event ID 4688 and Sysmon Event ID 1 logs, flagging WmiPrvSE.exe child processes, suspicious command lines, and WMI subscription persistence to produce a structured alert report.

Hunt LOLBins Execution

hunting-for-lolbins-execution-in-endpoint-logs

mukul975/Anthropic-Cybersecurity-Skills

Analyzes endpoint process logs to detect legitimate Windows binaries abused by adversaries, ranking suspicious command lines, parent processes, execution paths, and network cues for prioritized triage.

NTLM Relay Hunting Guide

hunting-for-ntlm-relay-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect NTLM relay attacks by analyzing Windows Event 4624 type 3 logons, flagging IP-to-hostname mismatches, rapid multi-host authentication, machine account anomalies, SMB signing gaps, and Responder-style traffic for SOC threat hunting.

Language