Sponsored by

Find leads on Reddit on auto pilot

Agent skills
ai-agents

Topic: ai-agents

18,135 skills in this topic.

detecting-container-escape-attempts Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host system or other containers. Detection involves monitoring for escape indicators
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-covert-channels-in-malware Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration, steganographic HTTP, and protocol abuse for C2 and data exfiltration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-credential-dumping-techniques Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-dns-exfiltration-with-dns-query-analysis Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-ethereum-smart-contract-vulnerabilities Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-ioc-defanging-and-sharing-pipeline Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-compromised-cloud-credentials Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-serverless-function-injection Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-landscape-with-misp Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-api-gateway-access-logs Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts. Uses pandas for statistical analysis of request patterns and anomaly detection. Use when investigating API abuse or building API-specific threat detection rules.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-api-security-testing Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cyber-kill-chain Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases an adversary has completed, where defenses succeeded or failed, and what controls would have interrupted the attack at earlier phases. Use when conducting post-incident analysis, building prevention-focused security controls, or mapping detection gaps to kill chain phases. Activates for requests involving kill chain analysis, intrusion kill chain, attack phase mapping, or Lockheed Martin kill chain framework.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-uefi-bootkit-persistence Analyzes UEFI bootkit persistence mechanisms including firmware implants in SPI flash, EFI System Partition (ESP) modifications, Secure Boot bypass techniques, and UEFI variable manipulation. Covers detection of known bootkit families (BlackLotus, LoJax, MosaicRegressor, MoonBounce, CosmicStrand), ESP partition forensic inspection, chipsec-based firmware integrity verification, and Secure Boot configuration auditing. Activates for requests involving UEFI malware analysis, firmware persistence investigation, boot chain integrity verification, or Secure Boot bypass detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-feed-aggregation-with-misp Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-docker-container-forensics Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and evidence.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-fileless-malware-techniques Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection, registry-resident payloads, and living-off-the-land binaries (LOLBins) without writing traditional executable files to disk. Activates for requests involving fileless threat detection, in-memory malware investigation, LOLBin abuse analysis, or WMI persistence examination.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-s3-data-exfiltration-attempts Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs, GuardDuty findings, Amazon Macie alerts, and S3 access patterns to identify unauthorized bulk downloads and cross-account data transfers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-packed-malware-with-upx-unpacker Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for static analysis. Covers both standard UPX unpacking and handling modified UPX headers that prevent automated decompression. Activates for requests involving malware unpacking, UPX decompression, packer removal, or preparing packed samples for analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-internal-reconnaissance-with-bloodhound-ce Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify privilege escalation chains, and discover misconfigurations in domain environments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-privilege-escalation-attempts Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-living-off-the-land-with-lolbas Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-red-team-c2-infrastructure-with-havoc Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-with-wireshark Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns, diagnose protocol issues, extract artifacts, and support incident response investigations on authorized network segments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-ransomware-encryption-mechanisms Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to assess decryption feasibility, identify implementation weaknesses, and support recovery efforts. Covers AES, RSA, ChaCha20, and hybrid encryption schemes. Activates for requests involving ransomware cryptanalysis, encryption analysis, key recovery assessment, or ransomware decryption feasibility.
mukul975/Anthropic-Cybersecurity-Skills 4,300