Topic: mcp
13,395 skills in this topic.
-
configuring-host-based-intrusion-detection
Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and configuration changes for security violations. Use when deploying OSSEC, Wazuh, or AIDE for endpoint monitoring, building file integrity monitoring (FIM) policies, or meeting compliance requirements for change detection. Activates for requests involving HIDS configuration, file integrity monitoring, OSSEC/Wazuh deployment, or host-based detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-persistence-via-wmi-subscriptions
Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI consumer, filter, and binding creation events that execute malicious code triggered by system events.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-malware-sandbox-evasion-techniques
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-identity-verification-for-zero-trust
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based conditional access, and identity governance aligned with the CISA Zero Trust Maturity Model.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-network-packets-with-scapy
Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
containing-active-breach
Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed security breach. Implements short-term and long-term containment using network segmentation, endpoint isolation, credential revocation, and access control modifications. Activates for requests involving breach containment, lateral movement prevention, network isolation, active threat containment, or live incident response.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-email-headers-for-phishing-investigation
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-identity-governance-with-sailpoint
Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
building-incident-timeline-with-timesketch
Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source event data for attack chain reconstruction and investigation documentation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-exfiltration-over-dns-with-zeek
Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-cloud-waf-rules
This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare to protect cloud-hosted applications against OWASP Top 10 attacks. It details configuring managed rule sets, creating custom rules for business logic protection, implementing rate limiting, deploying bot management, and reducing false positives through rule tuning and logging analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-email-forwarding-rules-attack
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-network-scanning-with-ids-signatures
Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
implementing-end-to-end-encryption-for-messaging
End-to-end encryption (E2EE) ensures that only the communicating parties can read messages, with no intermediary (including the server) able to decrypt them. This skill implements a simplified version
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
building-identity-governance-lifecycle-process
Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation using IGA platforms. Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-linux-kernel-rootkits
Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules), rkhunter system scanning, and /proc vs /sys discrepancy analysis to identify hooked syscalls, hidden kernel modules, and tampered system structures.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
detecting-ntlm-relay-with-event-correlation
Detect NTLM relay attacks through Windows Security Event correlation by analyzing Event 4624 LogonType 3 for IP-to-hostname mismatches, identifying Responder/LLMNR poisoning artifacts, auditing SMB and LDAP signing enforcement across the domain, and detecting NTLM downgrade attacks from NTLMv2 to NTLMv1 using event log analysis.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-lolbins-execution-in-endpoint-logs
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs for suspicious execution patterns of legitimate Windows system binaries used for malicious purposes.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-living-off-the-land-binaries
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-process-injection-techniques
Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
building-devsecops-pipeline-with-gitlab-ci
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hardening-docker-daemon-configuration
Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
analyzing-golang-malware-with-ghidra
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
-
hunting-for-spearphishing-indicators
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.
mukul975/Anthropic-Cybersecurity-Skills 4,300