Sponsored by

Find leads on Reddit on auto pilot

Topic: mcp

13,395 skills in this topic.

performing-clickjacking-attack-test Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting proof-of-concept overlay attacks during authorized security assessments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-cloud-penetration-testing-with-pacu Performing authorized AWS penetration testing using Pacu, the open-source AWS exploitation framework, to enumerate IAM configurations, discover privilege escalation paths, test credential harvesting, and validate security controls through systematic attack simulation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-ot-incident-response-playbook Develop and implement OT-specific incident response playbooks aligned with SANS PICERL framework, IEC 62443, and NIST SP 800-82 that address unique ICS challenges including safety-critical systems, limited downtime tolerance, and coordination between IT SOC, OT engineering, and plant operations teams.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-access-review-and-certification Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-pdf-malware-with-pdfid Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode, exploits, and suspicious objects without opening the document. Determines the attack vector and extracts embedded payloads for further analysis. Activates for requests involving PDF malware analysis, malicious document analysis, PDF exploit investigation, or suspicious attachment triage.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-zerologon-vulnerability-cve-2020-1472 Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-for-incidents Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-ntlm-relay-attacks Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-typosquatting-packages-in-npm-pypi Detects typosquatting attacks in npm and PyPI package registries by analyzing package name similarity using Levenshtein distance and other string metrics, examining publish date heuristics to identify recently created packages mimicking established ones, and flagging download count anomalies where suspicious packages have disproportionately low usage compared to their legitimate targets. The analyst queries the PyPI JSON API and npm registry API to gather package metadata for automated comparison. Activates for requests involving package typosquatting detection, dependency confusion analysis, malicious package identification, or software supply chain threat hunting in package registries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-aws-s3-bucket-permissions Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-kerberoasting-with-impacket Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active Directory service accounts.
mukul975/Anthropic-Cybersecurity-Skills 4,300
exploiting-sql-injection-with-sqlmap Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-social-engineering-penetration-test Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-taxii-server-with-opentaxii Deploy and configure an OpenTAXII server to share and consume STIX-formatted cyber threat intelligence using the TAXII 2.1 protocol for automated indicator exchange between organizations.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-aws-iam-permission-boundaries Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-insider-threat-behaviors Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-post-incident-lessons-learned Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
correlating-threat-campaigns Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify unified threat campaigns, attribute them to common threat actors, and extract shared indicators for improved detection. Use when multiple incidents exhibit overlapping indicators, when sector-wide attack campaigns require cross-organizational analysis, or when building campaign-level intelligence products. Activates for requests involving campaign analysis, incident clustering, cross-organizational IOC correlation, or MISP correlation engine.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-linux-system-artifacts Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-aws-security-hub-compliance Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards like CIS AWS Foundations and PCI DSS, configure automated remediation with EventBridge and Lambda, and create custom security insights for organizational risk management.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-apt-group-with-mitre-navigator Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-aws-guardduty-findings-automation Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-rate-limiting-and-throttling Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms to protect against brute force attacks, credential stuffing, resource exhaustion, and API abuse. The engineer configures per-user, per-IP, and per-endpoint rate limits using Redis-backed counters, API gateway plugins, or application middleware, and implements proper HTTP 429 responses with Retry-After headers. Activates for requests involving rate limiting implementation, API throttling setup, request quota management, or API abuse prevention.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-indicators-of-compromise Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.
mukul975/Anthropic-Cybersecurity-Skills 4,300