Sponsored by

Find leads on Reddit on auto pilot

Topic: mcp

13,395 skills in this topic.

detecting-api-enumeration-attacks Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-disk-image-with-autopsy Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and build investigation timelines.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-memory-dumps-with-volatility Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes, injected code, network connections, loaded modules, and extracted credentials. Supports Windows, Linux, and macOS memory forensics. Activates for requests involving memory forensics, RAM analysis, volatile data examination, process injection detection, or memory-resident malware investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-malware-family-relationships-with-malpedia Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-heap-spray-exploitation Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-business-email-compromise-with-ai Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-malware-incident-response Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection vectors, assessing spread, and executing eradication procedures. Covers the full lifecycle from detection through containment, analysis, removal, and recovery. Activates for requests involving malware response, malware eradication, trojan removal, worm containment, malware triage, or infected endpoint remediation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-man-in-the-middle-attack-simulation Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept, analyze, and modify network traffic for testing encryption enforcement, certificate validation, and detection capabilities.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-kubernetes-audit-logs Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-cloud-threats-with-guardduty This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-network-anomalies-with-zeek Deploys and configures Zeek (formerly Bro) network security monitor to passively analyze network traffic, generate structured logs, detect anomalous behavior, and create custom detection scripts for threat hunting and incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-tls-certificate-transparency-logs Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-cloud-incident-response Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment, cloud-native log analysis, resource isolation, and forensic evidence acquisition adapted for ephemeral cloud infrastructure. Activates for requests involving cloud incident response, AWS security incident, Azure compromise, GCP breach, cloud forensics, or cloud identity compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-misconfigured-azure-storage Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption settings, overly permissive SAS tokens, disabled logging, and network access violations using Azure CLI, PowerShell, and Microsoft Defender for Storage.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-windows-event-logging-for-detection Configures Windows Event Logging with advanced audit policies to generate high-fidelity security events for threat detection and forensic investigation. Use when enabling audit policies for logon events, process creation, privilege use, and object access to feed SIEM detection rules. Activates for requests involving Windows audit policy, event log configuration, security logging, or detection-oriented logging.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-soc-escalation-matrix Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-hunt-hypothesis-framework Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-role-mining-for-rbac-optimization Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-external-reconnaissance-with-osint Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-kubernetes-cluster-rbac Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.
mukul975/Anthropic-Cybersecurity-Skills 4,300
auditing-gcp-iam-permissions Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage, service account key proliferation, and cross-project access risks using gcloud CLI, Policy Analyzer, and IAM Recommender.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-actor-ttps-with-mitre-navigator Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework using the ATT&CK Navigator and attackcti Python library. The analyst queries STIX/TAXII data for group-technique associations, generates Navigator layer files for visualization, and compares defensive coverage against adversary profiles. Activates for requests involving APT TTP mapping, ATT&CK Navigator layers, threat actor profiling, or MITRE technique coverage analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-c2-infrastructure-with-sliver-framework Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-supply-chain-malware-artifacts Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300