Download

Skill UI

Browse and discover 5987+ curated skills

All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages

Search WMI , found 12 results

Default Newest Most Downloaded

Fileless Endpoint Detection

detecting-fileless-attacks-on-endpoints

mukul975/Anthropic-Cybersecurity-Skills

Detects fileless and in-memory attacks on endpoints by enabling Sysmon/PowerShell telemetry and hunting for PowerShell abuse, reflective injection, WMI persistence, and registry-resident tricks before malware touches disk.

Detecting Fileless Malware

detecting-fileless-malware-techniques

mukul975/Anthropic-Cybersecurity-Skills

Detects fileless malware in memory by analyzing PowerShell, WMI, registry-resident payloads, and LOLBin behaviors, guiding persistence, LOLBin abuse, and memory forensics investigations when no disk artifacts exist.

WMI Persistence Detection

detecting-wmi-persistence

mukul975/Anthropic-Cybersecurity-Skills

Detect WMI subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious filters, consumers, and bindings, enabling threat hunters to validate telemetry, prioritize follow-up, and remediate attacker persistence.

WMI Lateral Movement Hunting

hunting-for-lateral-movement-via-wmi

mukul975/Anthropic-Cybersecurity-Skills

Detect WMI-based lateral movement by correlating Windows Event ID 4688 process creation logs with Sysmon Event ID 1, tagging WmiPrvSE.exe child processes, suspicious command lines, and persistent WMI event subscriptions for a clear incident timeline.

Windows Persistence Hunting

hunting-for-persistence-mechanisms-in-windows

mukul975/Anthropic-Cybersecurity-Skills

Guided workflow for hunting Windows persistence by enumerating registry, services, tasks, WMI, and startup entries, correlating artifacts with endpoint telemetry, and documenting findings for proactive defense.

WMI Subscription Persistence

hunting-for-persistence-via-wmi-subscriptions

mukul975/Anthropic-Cybersecurity-Skills

Guide to hunting WMI-based persistence by monitoring Sysmon and Windows WMI subscription creation events, enumerating dangerous filters and consumers, analyzing triggers, and correlating WmiPrvSe.exe activity and MOF compilation to detect stealthy threats.

Shadow Copy Deletion Hunt

hunting-for-shadow-copy-deletion

mukul975/Anthropic-Cybersecurity-Skills

Workflow for detecting ransomware preparation and anti-forensics by hunting shadow copy deletion commands (vssadmin, WMIC, PowerShell) across EDR, SIEM, Sysmon, and threat intel to validate hypotheses and recommend containment.

LOLBAS Detection Rules

hunting-living-off-the-land-binaries

mukul975/Anthropic-Cybersecurity-Skills

Monitors Windows process creation events to flag Living Off The Land Binary abuse by matching Event ID 4688/Sysmon 1 logs against LOLBAS database entries, supporting threat hunting and SIEM rule creation for fileless attacks.

Agentless Vulnerability Scanning

performing-agentless-vulnerability-scanning

mukul975/Anthropic-Cybersecurity-Skills

Configure and execute agentless vulnerability scans using SSH/WMI connections, cloud snapshot analysis, and API discovery to evaluate VMs, containers, and legacy systems without installing endpoint agents.

Lateral Movement Detection

performing-lateral-movement-detection

mukul975/Anthropic-Cybersecurity-Skills

Detects lateral movement techniques such as Pass-the-Hash, PsExec, WMI, RDP, and SMB pivots through SIEM correlation of Windows event logs, network flows, and endpoint telemetry aligned with MITRE ATT&CK TA0008 for SOC response and investigation.

WMIExec Lateral Movement

performing-lateral-movement-with-wmiexec

mukul975/Anthropic-Cybersecurity-Skills

Guide to performing stealthy Windows lateral movement by chaining Impacket wmiexec.py, CrackMapExec, and native WMI/PowerShell techniques for red team engagements and credential harvesting after compromise.

Malware Persistence Analysis

performing-malware-persistence-investigation

mukul975/Anthropic-Cybersecurity-Skills

Systematically audit Windows and Linux autostart mechanisms, registry hives, scheduled tasks, and WMI entries to map how malware survives reboots and maintain access during incident response or threat hunting.

1

Language