Sponsored by

Find leads on Reddit on auto pilot

Agent skills
ai-agents

Topic: ai-agents

18,135 skills in this topic.

implementing-aqua-security-for-container-scanning Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-living-off-the-land-attacks Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process creation, command-line arguments, and parent-child relationships to identify suspicious LOLBin execution patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-nosql-injection-vulnerabilities Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate authentication bypass, data extraction, and unauthorized access risks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-golden-ticket-forgery Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-jwt-algorithm-confusion-attack Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-identity-aware-proxy-with-google-iap Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-suspicious-powershell-execution Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-compromised-cloud-credentials Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-vulnerability-aging-and-sla-tracking Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-shellbag-artifacts Analyze Windows Shellbag registry artifacts to reconstruct folder browsing activity, detect access to removable media and network shares, and establish user interaction with directories even after deletion using SBECmd and ShellBags Explorer.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-packed-malware-with-upx-unpacker Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for static analysis. Covers both standard UPX unpacking and handling modified UPX headers that prevent automated decompression. Activates for requests involving malware unpacking, UPX decompression, packer removal, or preparing packed samples for analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-fileless-malware-techniques Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection, registry-resident payloads, and living-off-the-land binaries (LOLBins) without writing traditional executable files to disk. Activates for requests involving fileless threat detection, in-memory malware investigation, LOLBin abuse analysis, or WMI persistence examination.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-spearphishing-simulation-campaign Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-credential-dumping-techniques Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malicious-pdf-with-peepdf Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-domain-fronting-c2-traffic Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection
mukul975/Anthropic-Cybersecurity-Skills 4,300
acquiring-disk-image-with-dd-and-dcfldd Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-lnk-file-and-jump-list-artifacts Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-android-malware-with-apktool Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-windows-amcache-artifacts Parses and analyzes the Windows Amcache.hve registry hive to extract evidence of program execution, application installation, and driver loading for digital forensics investigations. Uses Eric Zimmerman's AmcacheParser and Timeline Explorer for artifact extraction, SHA-1 hash correlation with threat intel, and timeline reconstruction. Activates for requests involving Amcache forensics, program execution evidence, Windows artifact analysis, or application compatibility cache investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-macro-malware-in-office-documents Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download cradles, payload execution, persistence mechanisms, and anti-analysis techniques. Uses olevba, oledump, and VBA deobfuscation to extract the attack chain. Activates for requests involving Office macro analysis, VBA malware investigation, maldoc analysis, or document-based threat examination.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-oauth-misconfiguration Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cyber-kill-chain Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases an adversary has completed, where defenses succeeded or failed, and what controls would have interrupted the attack at earlier phases. Use when conducting post-incident analysis, building prevention-focused security controls, or mapping detection gaps to kill chain phases. Activates for requests involving kill chain analysis, intrusion kill chain, attack phase mapping, or Lockheed Martin kill chain framework.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-ioc-defanging-and-sharing-pipeline Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.
mukul975/Anthropic-Cybersecurity-Skills 4,300