Skill UI: browse and discover 6252+ curated skills
Search "Threat-Detection": 54 results

BEC Detection Guide
detecting-business-email-compromise | mukul975/Anthropic-Cybersecurity-Skills | 303
Provides procedures and indicators for spotting business email compromise via gateway rules, behavioral analytics, and finance controls so SOC teams can hunt threats, verify monitoring coverage, and prevent fraudulent payments.

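The gateway-rule side of that skill comes down to a handful of header and content heuristics. The following is an added example (not code from the skill or its repository) that scores a message on four of them: an executive's display name on an external address, a sender domain within two edits of the organisation's own, a Reply-To that points away from the sender, and payment language paired with pressure language. The trusted domain example.com, the executive roster and the three sample messages are all constructed.

```python
"""Header/content heuristics for business email compromise (added example)."""
import re

TRUSTED_DOMAIN = "example.com"              # assumption: the organisation's own domain
EXECUTIVES = {"jane doe", "carlos ruiz"}      # constructed roster of impersonation targets
PAYMENT_TERMS = ("wire", "invoice", "bank details", "payment", "account number")
URGENCY_TERMS = ("urgent", "asap", "immediately", "confidential", "before end of day")

# Accepts 'Name <addr>', '"Name" <addr>' and a bare address.
ADDR_RE = re.compile(r'^\s*(?:"?([^"<]*?)"?\s*)?<?([^<>\s]+@([^<>\s]+))>?\s*$')


def parse_address(header):
    """Split a From/Reply-To header into (display name, address, domain), lower-cased."""
    m = ADDR_RE.match(header)
    if not m:
        return "", "", ""
    return (m.group(1) or "").strip().lower(), m.group(2).lower(), m.group(3).lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_message(msg):
    """Score one message given as a dict with from, reply_to, subject and body."""
    indicators = []
    name, _addr, domain = parse_address(msg["from"])
    # 1. An executive's display name arriving from outside the trusted domain.
    if name in EXECUTIVES and domain != TRUSTED_DOMAIN:
        indicators.append(f"display-name impersonation of {name!r} from {domain}")
    # 2. A sender domain one or two edits away from ours (homoglyph or typo squat).
    if domain != TRUSTED_DOMAIN and 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        indicators.append(f"lookalike domain {domain}")
    # 3. Reply-To steering the conversation to a different domain than the sender.
    if msg.get("reply_to"):
        _n, _a, reply_domain = parse_address(msg["reply_to"])
        if reply_domain and reply_domain != domain:
            indicators.append(f"reply-to domain mismatch ({domain} -> {reply_domain})")
    # 4. A payment request combined with urgency or secrecy pressure.
    text = f"{msg['subject']} {msg['body']}".lower()
    if any(t in text for t in PAYMENT_TERMS) and any(t in text for t in URGENCY_TERMS):
        indicators.append("payment request with urgency language")
    return {"score": len(indicators), "indicators": indicators}


def triage(messages, threshold=2):
    """Return (sender, analysis) for every message at or above the indicator threshold."""
    return [(m["from"], analyze_message(m)) for m in messages
            if analyze_message(m)["score"] >= threshold]


# Constructed sample mail, not real traffic.
SAMPLE_MESSAGES = [
    {"from": "Jane Doe <jane.doe@example.com>", "reply_to": "",
     "subject": "Q3 board deck", "body": "Attached is the draft deck for review."},
    {"from": '"Jane Doe" <jane.doe.ceo@gmail.com>', "reply_to": "finance-jd@outlook.com",
     "subject": "Urgent wire",
     "body": "Need an urgent wire to a new vendor today, keep it confidential."},
    {"from": "Accounts Payable <ap@examp1e.com>", "reply_to": "",
     "subject": "Updated bank details for invoice 4471",
     "body": "Please use the new account number immediately."},
]

if __name__ == "__main__":
    for sender, result in triage(SAMPLE_MESSAGES):
        print(sender, result)
```

Each indicator is cheap and individually noisy; the value is in the combination, which is why `triage` alerts on a count rather than on any single rule, and why the finance-control side of the skill (out-of-band verification of any bank-detail change) still matters for the messages that pass.
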
Cloud Cryptomining Detection
detecting-cloud-cryptomining-activity | mukul975/Anthropic-Cybersecurity-Skills | 461
Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.

GuardDuty Cloud Threat Detection
detecting-cloud-threats-with-guardduty | mukul975/Anthropic-Cybersecurity-Skills | 483
Guides security teams through deploying Amazon GuardDuty with protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting findings, and wiring EventBridge plus Lambda for automated responses across AWS accounts.

Insider Threat Detection
detecting-insider-threat-behaviors | mukul975/Anthropic-Cybersecurity-Skills | 359
Detects insider threat behaviors by hunting for unusual data access, privilege abuse, mass downloads, and resignation-linked exfiltration across EDR, SIEM, and intelligence sources to guide incident response actions.

UEBA Insider Threat Detection
detecting-insider-threat-with-ueba | mukul975/Anthropic-Cybersecurity-Skills | 364
Leverages Elasticsearch/OpenSearch to implement UEBA baselines from auth, file, and network logs, compute peer-group z-score anomaly risk, and correlate deviations into insider-threat alerts that feed SOC investigation workflows.

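The peer-group z-score step is the part of that skill most worth seeing concretely. The block below is an added example, not the skill's own code: it takes per-user daily rollups of the kind an Elasticsearch/OpenSearch aggregation would return (constructed here, with department as the peer group) and scores each user against their peers in plain Python. Two details matter in practice and are handled: the baseline is computed leave-one-out, so an outlier does not inflate the standard deviation it is measured against, and each metric has an assumed minimum standard deviation and a z-score cap, so a quiet peer group cannot turn a single extra login into a maximal alert. The floors, cap, minimum peer count and threshold are tuning assumptions.

```python
"""Leave-one-out peer-group z-score risk for insider-threat UEBA (added example)."""
import math
from collections import defaultdict

METRICS = ("after_hours_logins", "files_read", "bytes_out_mb")
MIN_STD = {"after_hours_logins": 1.0, "files_read": 10.0, "bytes_out_mb": 10.0}  # assumed floors
Z_CAP = 10.0            # assumed: no single metric contributes more than this
MIN_PEERS = 3           # assumed: refuse to score a user against fewer than three peers
ALERT_THRESHOLD = 8.0   # assumed tuning value

# Constructed one-day rollups per user, as an aggregation over auth/file/network logs
# would produce them; "group" is the peer group (here, department).
DAILY_ROLLUPS = [
    {"user": "alice", "group": "finance", "after_hours_logins": 0, "files_read": 40, "bytes_out_mb": 12},
    {"user": "bob", "group": "finance", "after_hours_logins": 1, "files_read": 35, "bytes_out_mb": 15},
    {"user": "carol", "group": "finance", "after_hours_logins": 0, "files_read": 50, "bytes_out_mb": 10},
    {"user": "dave", "group": "finance", "after_hours_logins": 1, "files_read": 45, "bytes_out_mb": 14},
    {"user": "erin", "group": "finance", "after_hours_logins": 6, "files_read": 480, "bytes_out_mb": 900},
    {"user": "frank", "group": "engineering", "after_hours_logins": 5, "files_read": 300, "bytes_out_mb": 200},
    {"user": "grace", "group": "engineering", "after_hours_logins": 4, "files_read": 280, "bytes_out_mb": 220},
    {"user": "heidi", "group": "engineering", "after_hours_logins": 6, "files_read": 320, "bytes_out_mb": 180},
    {"user": "ivan", "group": "engineering", "after_hours_logins": 5, "files_read": 300, "bytes_out_mb": 200},
]


def _mean_std(values):
    """Population mean and standard deviation of a non-empty list."""
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return mean, math.sqrt(var)


def score_users(rollups):
    """Return {user: (risk, {metric: clamped z})} using leave-one-out peer baselines."""
    by_group = defaultdict(list)
    for r in rollups:
        by_group[r["group"]].append(r)
    scores = {}
    for r in rollups:
        peers = [p for p in by_group[r["group"]] if p["user"] != r["user"]]
        zs = {}
        if len(peers) >= MIN_PEERS:
            for m in METRICS:
                mean, std = _mean_std([p[m] for p in peers])
                z = (r[m] - mean) / max(std, MIN_STD[m])
                zs[m] = min(max(z, 0.0), Z_CAP)  # only upward deviation adds risk
        scores[r["user"]] = (sum(zs.values()), zs)
    return scores


def insider_alerts(rollups, threshold=ALERT_THRESHOLD):
    """Users whose summed risk meets the threshold, highest risk first."""
    scores = score_users(rollups)
    flagged = [u for u, (risk, _) in scores.items() if risk >= threshold]
    return sorted(flagged, key=lambda u: -scores[u][0])


if __name__ == "__main__":
    for user, (risk, zs) in score_users(DAILY_ROLLUPS).items():
        print(f"{user:6} risk={risk:5.1f} {zs}")
    print("alerts:", insider_alerts(DAILY_ROLLUPS))
```

Without the leave-one-out baseline, erin's own values sit inside the finance mean and standard deviation and her z-scores collapse to about 2 on every metric (the arithmetic maximum for one outlier in a group of five), which is how a naive implementation ends up unable to flag the one user it was built for.
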
Mimikatz Execution Detection
detecting-mimikatz-execution-patterns | mukul975/Anthropic-Cybersecurity-Skills | 343
Detect execution patterns of Mimikatz by correlating command-line signatures, LSASS access anomalies, binary indicators, and in-memory modules across EDR and SIEM telemetry, supporting proactive threat hunting and incident response.

Zeek Network Anomaly Detection
detecting-network-anomalies-with-zeek | mukul975/Anthropic-Cybersecurity-Skills | 114
Deploys Zeek to passively monitor network traffic, emit structured connection/DNS/HTTP/SSL logs, and run custom scripts that flag anomalous behavior for threat hunting and incident response teams.

Process Hollowing Detection
detecting-process-hollowing-technique | mukul975/Anthropic-Cybersecurity-Skills | 385
Detects process hollowing (T1055.012) by analyzing EDR telemetry for suspended process creation, memory section anomalies, image integrity mismatches, and correlated network evidence, supporting hunts for in-memory threats and proactive defense.

Ransomware Network Precursors Detection
detecting-ransomware-precursors-in-network | mukul975/Anthropic-Cybersecurity-Skills | 279
Identifies early-stage ransomware indicators in Zeek/Suricata/Arkime traffic, correlates with SIEM rules and threat feeds, and alerts on Cobalt Strike beacons, Mimikatz signatures, RDP brute-force and staging behaviors before encryption begins.

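Both the Zeek anomaly skill above and this ransomware-precursor skill reduce, in their simplest form, to statistics over Zeek's conn.log. The block below is an added example (not code from either skill) that parses conn.log in its tab-separated layout and runs two of the precursor checks named above over it: beaconing, detected as a host talking to one destination at intervals with very low jitter, and RDP brute force, detected as many connections to port 3389 from one source inside a short window. The log is constructed in code, with the `#fields` line trimmed to the columns used; the interval, jitter, window and count thresholds are tuning assumptions.

```python
"""Beacon and RDP brute-force detection over Zeek conn.log records (added example)."""
import math
from collections import defaultdict


def build_sample_conn_log():
    """Return a small conn.log in Zeek's TSV layout. The rows are constructed, not
    captured traffic, and #fields is trimmed to the columns this example reads."""
    header = [
        "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
        "#unset_field\t-", "#path\tconn",
        "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
        "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    ]
    base, rows = 1700000000.0, []
    # Eight TLS connections to one external host roughly every 60 s (1 s jitter).
    for i, off in enumerate([0, 60, 121, 180, 239, 300, 361, 420]):
        rows.append([base + off, f"Cbeac{i}", "10.0.0.23", 50000 + i, "203.0.113.10",
                     443, "tcp", "ssl", 0.8, 512, 1024, "SF"])
    # Twelve RDP connections from one source in under 30 s, each reset by the server.
    for i in range(12):
        rows.append([base + 2.5 * i, f"Crdp{i}", "10.0.0.77", 40000 + i, "10.0.0.5",
                     3389, "tcp", "-", 0.1, 60, 0, "RSTO"])
    # A few ordinary DNS lookups as background noise.
    for i, off in enumerate([5, 17, 400]):
        rows.append([base + off, f"Cdns{i}", "10.0.0.23", 51000 + i, "10.0.0.2",
                     53, "udp", "dns", 0.01, 48, 120, "SF"])
    body = ["\t".join(str(v) for v in r) for r in rows]
    return "\n".join(header + body + ["#close\t2023-11-14-22-13-20"])


def parse_conn_log(text):
    """Parse Zeek TSV output: column names come from the #fields line, other
    #-lines are metadata, and ts/ports are converted to numbers."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split("\t")))
        rec["ts"] = float(rec["ts"])
        rec["id.orig_p"], rec["id.resp_p"] = int(rec["id.orig_p"]), int(rec["id.resp_p"])
        records.append(rec)
    return records


def find_beacons(records, min_conns=6, min_gap=30.0, max_cv=0.15):
    """Flag (source, destination, port) tuples whose connection intervals are nearly
    constant: coefficient of variation of the gaps at or below max_cv."""
    groups = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp":
            groups[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (orig, resp, port), ts in groups.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = sum(gaps) / len(gaps)
        if mean < min_gap:  # sub-second regularity is a scan or brute force, not a beacon
            continue
        cv = math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps)) / mean
        if cv <= max_cv:
            hits.append({"orig": orig, "resp": resp, "port": port,
                         "count": len(ts), "mean_gap": mean, "cv": cv})
    return hits


def find_rdp_bruteforce(records, window=60.0, min_attempts=10):
    """Flag sources with at least min_attempts connections to one RDP server
    inside any sliding window of `window` seconds."""
    by_pair = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp" and r["id.resp_p"] == 3389:
            by_pair[(r["id.orig_h"], r["id.resp_h"])].append(r["ts"])
    hits = []
    for (orig, resp), ts in by_pair.items():
        ts.sort()
        start, best = 0, 0
        for i in range(len(ts)):
            while ts[i] - ts[start] > window:
                start += 1
            best = max(best, i - start + 1)
        if best >= min_attempts:
            hits.append({"orig": orig, "resp": resp, "attempts_in_window": best})
    return hits


def analyze_conn_log(text):
    records = parse_conn_log(text)
    return {"beacons": find_beacons(records), "rdp_bruteforce": find_rdp_bruteforce(records)}


SAMPLE_CONN_LOG = build_sample_conn_log()

if __name__ == "__main__":
    print(analyze_conn_log(SAMPLE_CONN_LOG))
```

The `min_gap` guard is what keeps the two detectors from reporting the same traffic twice: the RDP attempts are perfectly regular too, but at 2.5 s apart they are a brute force, not a beacon. Real C2 frameworks add configurable jitter, so `max_cv` should be treated as a starting point and validated against the organisation's own traffic, and the Cobalt Strike and Mimikatz signatures the skill mentions come from Suricata rules and SIEM content rather than from interval statistics.
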
Suspicious OAuth Consent Detection
detecting-suspicious-oauth-application-consent | mukul975/Anthropic-Cybersecurity-Skills | 99
Uses Microsoft Graph, audit logs, and permission analysis to uncover illicit consent grants for OAuth apps in Azure AD / Entra ID, helping SOC analysts hunt threats and validate monitoring coverage for risky permissions.

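The permission-analysis part of that skill is shown below as an added example, not the skill's own code. It works on consent records in a simplified, constructed shape (the fields a pipeline would assemble from the Entra ID audit log's "Consent to application" events and the matching service principal, not the raw Graph payload) and does two things: it scores each grant on the scopes involved, on `offline_access` as the persistence amplifier, on publisher verification and on tenant-wide admin consent, and it looks for the classic illicit-consent campaign pattern, several users consenting to the same unverified app within a day. Scope weights, thresholds and the app identifiers are assumptions.

```python
"""Risk scoring and campaign detection for OAuth consent grants (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed weights for scopes that let an app read or send mail or touch all files.
RISKY_SCOPES = {
    "Mail.Read": 3, "Mail.ReadWrite": 4, "Mail.Send": 4, "MailboxSettings.ReadWrite": 3,
    "Files.Read.All": 3, "Files.ReadWrite.All": 4, "Contacts.Read": 2,
    "Directory.AccessAsUser.All": 5,
}
PERSISTENCE_SCOPE = "offline_access"   # refresh tokens: access survives the session
ALERT_THRESHOLD = 6                    # assumed
CAMPAIGN_MIN_USERS = 3                 # assumed
CAMPAIGN_WINDOW = timedelta(hours=24)  # assumed

# Constructed consent records in a simplified layout (app ids are made up).
SAMPLE_CONSENTS = [
    {"time": "2024-05-01T09:12:00Z", "user": "alice@example.com",
     "app_id": "a1a1a1a1-0000-4000-8000-000000000001", "app_name": "Contoso Expense",
     "publisher_verified": True, "consent_type": "Principal",
     "scopes": ["User.Read", "offline_access"]},
    {"time": "2024-05-01T10:03:00Z", "user": "bob@example.com",
     "app_id": "b2b2b2b2-0000-4000-8000-000000000002", "app_name": "Mail Sync Helper",
     "publisher_verified": False, "consent_type": "Principal",
     "scopes": ["User.Read", "Mail.ReadWrite", "Mail.Send", "offline_access"]},
    {"time": "2024-05-01T10:20:00Z", "user": "carol@example.com",
     "app_id": "b2b2b2b2-0000-4000-8000-000000000002", "app_name": "Mail Sync Helper",
     "publisher_verified": False, "consent_type": "Principal",
     "scopes": ["User.Read", "Mail.ReadWrite", "Mail.Send", "offline_access"]},
    {"time": "2024-05-01T11:05:00Z", "user": "dave@example.com",
     "app_id": "b2b2b2b2-0000-4000-8000-000000000002", "app_name": "Mail Sync Helper",
     "publisher_verified": False, "consent_type": "Principal",
     "scopes": ["User.Read", "Mail.ReadWrite", "Mail.Send", "offline_access"]},
    {"time": "2024-05-02T08:00:00Z", "user": "admin@example.com",
     "app_id": "c3c3c3c3-0000-4000-8000-000000000003", "app_name": "Backup Connector",
     "publisher_verified": True, "consent_type": "AllPrincipals",
     "scopes": ["Files.ReadWrite.All"]},
]


def score_consent(rec):
    """Return (score, reasons) for a single consent grant."""
    score, reasons = 0, []
    risky = [s for s in rec["scopes"] if s in RISKY_SCOPES]
    for s in risky:
        score += RISKY_SCOPES[s]
        reasons.append(f"risky scope {s}")
    if risky and PERSISTENCE_SCOPE in rec["scopes"]:
        score += 2
        reasons.append("offline_access keeps the grant usable after the session ends")
    if not rec["publisher_verified"]:
        score += 3
        reasons.append("publisher not verified")
    if rec["consent_type"] == "AllPrincipals":  # admin consent on behalf of the tenant
        score += 3
        reasons.append("tenant-wide admin consent")
    return score, reasons


def flag_consents(records, threshold=ALERT_THRESHOLD):
    """(user, app, score) for every grant that reaches the threshold."""
    return [(r["user"], r["app_name"], score_consent(r)[0])
            for r in records if score_consent(r)[0] >= threshold]


def find_consent_campaigns(records, min_users=CAMPAIGN_MIN_USERS, window=CAMPAIGN_WINDOW):
    """Unverified apps that several distinct users consented to inside one window."""
    by_app = defaultdict(list)
    for r in records:
        if not r["publisher_verified"]:
            when = datetime.fromisoformat(r["time"].replace("Z", "+00:00"))
            by_app[r["app_id"]].append((when, r["user"]))
    campaigns = []
    for app_id, grants in by_app.items():
        grants.sort()
        for start, _ in grants:
            users = {u for t, u in grants if start <= t <= start + window}
            if len(users) >= min_users:
                campaigns.append((app_id, sorted(users)))
                break
    return campaigns


if __name__ == "__main__":
    print(flag_consents(SAMPLE_CONSENTS))
    print(find_consent_campaigns(SAMPLE_CONSENTS))
```

The admin-consented backup connector scores below the mail-sync app but still crosses the threshold, which is deliberate: a verified publisher lowers the odds of a phishing app, not the blast radius of `Files.ReadWrite.All` granted for every user in the tenant, so it belongs in the review queue even when no campaign is visible.
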
Sysmon Injection Detection
detecting-t1055-process-injection-with-sysmon | mukul975/Anthropic-Cybersecurity-Skills | 348
Detects MITRE T1055 process injection techniques by correlating Sysmon events for remote thread creation, suspicious process access, anomalous DLL loading, and process hollowing to validate detections and feed SIEM alerts in threat-hunting workflows.

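The Mimikatz skill above and this Sysmon injection skill share most of their telemetry, so one added example (not code from either skill) covers both. It runs four rules over Sysmon events given as flat dicts: Mimikatz module syntax on the command line (event 1), LSASS opened with read access from an image outside a trusted set (event 10, with `UNKNOWN` frames in CallTrace escalating severity because the caller is unbacked memory), a cross-process thread with no backing start module or from a user-writable path (event 8), and an unsigned DLL loaded from a user-writable path (event 7). Alerts are then grouped by source image so that two different rules firing on one process escalate, which is the correlation step both skills describe. The trusted-image set, the path list and all sample events are constructed assumptions.

```python
"""Sysmon-based detection of T1055 injection and Mimikatz-style LSASS access
(added example, not the skills' own code)."""
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "rule source severity detail")

# Assumed allowlist of images that legitimately open LSASS or create remote
# threads; tune per environment (AV/EDR engines and core system processes).
TRUSTED_SYSTEM_IMAGES = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
MIMIKATZ_TOKENS = ("sekurlsa::", "privilege::debug", "lsadump::", "kerberos::", "token::")
PROCESS_VM_READ = 0x0010  # the access right credential dumping cannot do without


def _low(value):
    return (value or "").lower()


def detect(events):
    """Run the per-event rules and return the alerts they raise."""
    alerts = []
    for e in events:
        eid = e["EventID"]
        src = _low(e.get("SourceImage") or e.get("Image"))
        if eid == 1:  # ProcessCreate: Mimikatz module syntax on the command line
            hits = [t for t in MIMIKATZ_TOKENS if t in _low(e.get("CommandLine"))]
            if hits:
                alerts.append(Alert("mimikatz_cmdline", src, "high", ",".join(hits)))
        elif eid == 10:  # ProcessAccess: read access to LSASS from an untrusted image
            target = _low(e.get("TargetImage"))
            access = int(e.get("GrantedAccess", "0x0"), 16)
            if (target.endswith("\\lsass.exe") and access & PROCESS_VM_READ
                    and src not in TRUSTED_SYSTEM_IMAGES):
                sev = "critical" if "unknown" in _low(e.get("CallTrace")) else "high"
                alerts.append(Alert("lsass_access", src, sev, e["GrantedAccess"]))
        elif eid == 8:  # CreateRemoteThread: cross-process thread, unbacked or from user path
            target = _low(e.get("TargetImage"))
            start_module = _low(e.get("StartModule")).strip("-")  # "-" means unknown
            if (src != target and src not in TRUSTED_SYSTEM_IMAGES
                    and (not start_module or any(p in src for p in USER_WRITABLE))):
                alerts.append(Alert("remote_thread", src, "high", f"into {target}"))
        elif eid == 7:  # ImageLoad: unsigned DLL from a user-writable path
            loaded = _low(e.get("ImageLoaded"))
            if _low(e.get("Signed")) == "false" and any(p in loaded for p in USER_WRITABLE):
                alerts.append(Alert("unsigned_dll_userpath", src, "medium", loaded))
    return alerts


def correlate(alerts, escalate_at=2):
    """Group alerts by source image; distinct rules on one process escalate it."""
    rules = defaultdict(set)
    for a in alerts:
        rules[a.source].add(a.rule)
    return {src: {"rules": sorted(r), "escalated": len(r) >= escalate_at}
            for src, r in rules.items()}


# Constructed Sysmon events (field names follow Sysmon's, values are made up).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\Public\mimi.exe",
     "CommandLine": r'C:\Users\Public\mimi.exe "privilege::debug" "sekurlsa::logonpasswords" exit'},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\mimi.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d234|UNKNOWN(00000000001C2A11)"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d234|C:\Windows\System32\KERNELBASE.dll+2e45c"},
    {"EventID": 7, "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\inj.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x000001C2A4F10000",
     "StartModule": "-", "StartFunction": "-"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x00007FFC1A2B0000",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "RtlUserThreadStart"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll", "Signed": "true", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print(correlate(found))
```

The Defender engine opening LSASS with full access and csrss.exe creating a thread in explorer.exe are the two benign events, and both are absorbed only by the allowlist; an access-mask rule on its own would page on every AV scan, which is why the skills treat the mask as one signal to correlate rather than a verdict.
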
Elevation Control Abuse Detection
detecting-t1548-abuse-elevation-control-mechanism | mukul975/Anthropic-Cybersecurity-Skills | 316
Detect T1548 elevation control abuse by monitoring UAC bypass registry tweaks, auto-elevating binaries, process integrity jumps, and Linux setuid/sudo misuse, enabling threat hunters to spot credential-free privilege escalation chains across Windows and Linux.