Skill UI

A specialized tool designed for incident responders and threat hunters. It extracts critical configuration data—such as C2 server addresses, malleable profiles, watermarks, and communication settings—from Cobalt Strike beacon payloads found in PE files or memory dumps. This analysis is crucial for mapping attacker infrastructure and improving defensive detection rules.

Parses Cobalt Strike malleable C2 profiles via pyMalleableC2 to pull beacon configs, HTTP communication patterns, sleep/jitter settings, and combines JARM scans for C2 detection when hunting suspected infrastructure or building IDS signatures.

A comprehensive toolset for analyzing Cobalt Strike Malleable C2 profiles. It parses advanced C2 communication configurations to extract crucial Indicators of Compromise (IOCs) such as HTTP headers, DNS settings, URI patterns, and user agents. The analysis is vital for threat hunting, developing network detection signatures (Suricata/Snort), and understanding evasion techniques used by advanced persistent threats (APTs).

A comprehensive guide for deploying and configuring CrowdStrike Falcon EDR agents across diverse endpoints (Windows, macOS, Linux). This skill covers silent installation via SCCM, Intune, GPO, and command-line methods, alongside establishing robust prevention and response policies. Ideal for onboarding endpoints, enhancing threat detection capabilities, and integrating Falcon telemetry into SIEM platforms for advanced security operations.

A comprehensive skill for detecting early-stage ransomware indicators before data encryption occurs. It utilizes advanced network detection tools such as Zeek and Suricata, combined with SIEM correlation rules and threat intelligence feeds. This method monitors the entire pre-encryption kill chain, identifying precursor behaviors like initial access broker activity, Cobalt Strike C2 beaconing, credential harvesting (e.g., Mimikatz signatures), and data staging attempts, enabling timely incident response and containment.

This skill guides threat hunters in detecting Cobalt Strike Command and Control (C2) beacons. It utilizes advanced network forensic techniques, including analyzing default TLS certificate serials, JA3/JA3S/JARM fingerprints, beacon jitter, and HTTP profile matching. Detection is achieved by correlating data from Zeek logs, Suricata rules, and Python PCAP analysis to identify suspicious outbound communications.

This guide details proactive threat hunting techniques focused on detecting supply chain compromises. Use it when investigating trojanized software updates, compromised dependencies (npm/PyPI), or tampered build artifacts. It outlines a structured workflow using EDR/SIEM data (CrowdStrike, Splunk) to identify hidden threats and scope the impact of sophisticated attacks.

This guide details the implementation of device posture assessment for robust Zero Trust Access Control. It outlines how to integrate endpoint health signals from multiple security platforms (CrowdStrike ZTA, Intune, Jamf) into conditional access policies. Users can enforce stringent compliance requirements—such as disk encryption, OS patch levels, and security sensor status—to ensure only compliant devices gain access to corporate resources.

This skill guides the implementation of Security Orchestration, Automation, and Response (SOAR) workflows using platforms like Splunk Phantom. It automates the entire incident lifecycle, including alert triage, IOC enrichment (via VirusTotal, CrowdStrike), containment actions, and ticket creation (ServiceNow). Ideal for SOC teams needing to reduce Mean Time To Respond (MTTR) and standardize complex security procedures across multiple tools.

CAPE is an open-source sandbox built for automated malware analysis, derived from Cuckoo. It provides advanced behavioral monitoring, payload dumping, and configuration extraction using over 70 parsers for known malware families (e.g., Emotet, Cobalt Strike). It captures network IOCs, dropped files, and detects anti-evasion techniques, making it ideal for security assessments and incident response workflows via its robust API.

Develops comprehensive profiles for Advanced Persistent Threat (APT) groups, criminal organizations, and hacktivist collectivities. This tool aggregates TTP documentation, campaign data, and attribution indicators from major intelligence sources (MITRE ATT&CK, Mandiant, CrowdStrike) to help organizations update threat models, prioritize defensive controls, and prepare executive briefings on sector-specific risks.

This skill analyzes how artificial intelligence (AI) is disrupting an industry or specific business unit. It assesses competitive exposure across 10 critical vectors (e.g., labor substitution, data moat, customer interface) and generates a detailed 90-day defensive counterstrike plan. Ideal for due diligence, strategic planning, and anticipating market shifts in AI-driven ecosystems.