Sponsored by

Find leads on Reddit on auto pilot

Agent skills
ethical-hacking

Topic: ethical-hacking

770 skills in this topic.

performing-dns-enumeration-and-zone-transfer Enumerates DNS records, attempts zone transfers, brute-forces subdomains, and maps DNS infrastructure during authorized reconnaissance to identify attack surface, misconfigurations, and information disclosure in target domains.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-sql-injection-via-waf-logs Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity audit logs and JSON WAF event logs to identify SQLi patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks attack sources, correlates multi-stage injection attempts, and generates incident reports with OWASP classification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-dmarc-policy-enforcement-rollout Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring all legitimate email sources are authenticated before blocking unauthorized senders.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-suspicious-oauth-application-consent Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-iot-security-assessment Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces, firmware, network communications, cloud APIs, and companion mobile applications. The tester uses firmware extraction and analysis, hardware debugging via UART and JTAG, network protocol analysis, and runtime exploitation to identify vulnerabilities across all layers of the IoT stack. Activates for requests involving IoT security testing, embedded device assessment, firmware security analysis, or smart device penetration testing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-t1548-abuse-elevation-control-mechanism Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-typosquatting-packages-in-npm-pypi Detects typosquatting attacks in npm and PyPI package registries by analyzing package name similarity using Levenshtein distance and other string metrics, examining publish date heuristics to identify recently created packages mimicking established ones, and flagging download count anomalies where suspicious packages have disproportionately low usage compared to their legitimate targets. The analyst queries the PyPI JSON API and npm registry API to gather package metadata for automated comparison. Activates for requests involving package typosquatting detection, dependency confusion analysis, malicious package identification, or software supply chain threat hunting in package registries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
eradicating-malware-from-infected-systems Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
evaluating-threat-intelligence-platforms Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including feed integration capability, STIX/TAXII support, workflow automation, analyst interface, and total cost of ownership. Use when conducting a TIP procurement, migrating between TIP solutions, or assessing whether the current TIP meets program maturity requirements. Activates for requests involving ThreatConnect, MISP, OpenCTI, Anomali, EclecticIQ, or TIP procurement decisions.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-dark-web-monitoring-for-threats Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre
mukul975/Anthropic-Cybersecurity-Skills 4,300
executing-phishing-simulation-campaign Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based social engineering attacks. The tester designs realistic phishing scenarios, builds credential harvesting infrastructure, sends targeted phishing emails, and tracks open rates, click-through rates, and credential submission rates to measure human security awareness. Activates for requests involving phishing simulation, social engineering assessment, email security testing, or security awareness measurement.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-csrf-attack-simulation Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
executing-red-team-exercise Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization's detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-active-directory-with-bloodhound BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and unintended relationships within AD environments. Red teams use BloodHound to identify attac
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-hardware-security-key-authentication Implements FIDO2/WebAuthn hardware security key authentication including registration ceremonies, authentication flows, YubiKey enrollment, and passkey migration strategies. Builds a complete relying party server using the python-fido2 library that supports cross-platform authenticators, resident key (discoverable credential) workflows, and user verification policies. Activates for requests involving FIDO2 implementation, WebAuthn registration, hardware security key enrollment, YubiKey integration, or passkey migration from password-based authentication.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-idor-vulnerabilities Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-insecure-data-storage-in-mobile Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including unencrypted databases, world-readable files, insecure SharedPreferences, plaintext credential storage, and improper keychain/keystore usage. Use when performing mobile penetration testing focused on OWASP M9 (Insecure Data Storage) or assessing compliance with MASVS-STORAGE requirements. Activates for requests involving mobile data storage security, local storage exploitation, SharedPreferences analysis, or mobile data leakage assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hardening-windows-endpoint-with-cis-benchmark Hardens Windows endpoints using CIS (Center for Internet Security) Benchmark recommendations to reduce attack surface, enforce security baselines, and meet compliance requirements. Use when deploying new Windows workstations or servers, remediating audit findings, or establishing organization-wide security baselines. Activates for requests involving Windows hardening, CIS benchmarks, GPO security baselines, or endpoint configuration compliance.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-brand-monitoring-for-impersonation Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-bluetooth-security-assessment Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
mukul975/Anthropic-Cybersecurity-Skills 4,300
extracting-windows-event-logs-artifacts Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-blind-ssrf-exploitation Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-anomalous-powershell-execution Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event 4103), and process creation events. The analyst parses Windows Event Log EVTX files to detect obfuscated commands, AMSI bypass attempts, encoded payloads, credential dumping keywords, and suspicious download cradles. Activates for requests involving PowerShell threat hunting, script block analysis, encoded command detection, or AMSI bypass identification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-data-exfiltration-indicators Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.
mukul975/Anthropic-Cybersecurity-Skills 4,300