Agent skills
security-automation

Topic: security-automation

787 skills in this topic.

building-detection-rule-with-splunk-spl Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify security threats in SOC environments.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-suspicious-scheduled-tasks Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 abuse.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-c2-infrastructure-with-sliver-framework Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-steganography-detection Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover covert communication channels.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-network-packet-capture-analysis Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-api-gateway-security-controls Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-honeytokens-for-breach-detection Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records) that trigger alerts when accessed by attackers. Uses the Canarytokens API and custom webhook integrations for breach detection. Use when building deception-based early warning systems for intrusion detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-endpoint-dlp-controls Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-red-team-phishing-with-gophish Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email templates with tracking pixels, configures SMTP sending profiles, builds target groups from CSV, launches campaigns, and analyzes results including open rates, click rates, and credential submission statistics for security awareness assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-fuzz-testing-in-cicd-with-aflplusplus Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-ransomware-kill-switch-detection Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based kill switches, and registry-based termination checks. Implements proactive mutex vaccination and kill switch domain monitoring to prevent ransomware from executing. Activates for requests involving ransomware kill switch analysis, mutex vaccination, WannaCry-style domain kill switches, or malware execution guard detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-gcp-organization-policy-constraints Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-ransomware-backup-strategy Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies, 2 media types, 1 offsite, 1 immutable/air-gapped, 0 errors on restore verification). Configures backup schedules aligned to RPO/RTO requirements, implements backup credential isolation to prevent ransomware from compromising backup infrastructure, and establishes automated restore testing. Activates for requests involving ransomware backup planning, backup resilience, air-gapped backup design, or backup recovery point objective configuration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-web-server-logs-for-intrusion Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-purdue-model-network-segmentation Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-typosquatting-domains-with-dnstwist Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-google-workspace-admin-security Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant MFA enforcement, DLP policies, email authentication (SPF/DKIM/DMARC), OAuth app control, and external sharing restrictions. Activates for requests involving Google Workspace hardening, G Suite security configuration, or cloud office security administration.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-ransomware-response Executes a structured ransomware incident response from initial detection through containment, forensic analysis, decryption assessment, recovery, and post-incident hardening. Addresses ransom negotiation considerations, backup integrity verification, and regulatory notification requirements. Activates for requests involving ransomware response, ransomware recovery, crypto-ransomware, data encryption attack, ransom payment decision, or ransomware containment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-google-workspace-sso-configuration Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-hashicorp-vault-dynamic-secrets Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates with automatic generation, lease management, and credential rotation to eliminate static secrets in application configurations. Activates for requests involving Vault secrets engine configuration, dynamic database credentials, ephemeral cloud credentials, or automated secret rotation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-supply-chain-malware-artifacts Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-mobile-application-management Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged mobile devices through app-level controls including data loss prevention, selective wipe, app configuration, and containerization. Use when securing corporate apps on BYOD devices, implementing Intune App Protection Policies, or enforcing data separation between personal and work apps. Activates for requests involving MAM deployment, app protection policies, mobile containerization, or BYOD security.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-privacy-impact-assessment Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices, GDPR Article 35 DPIA and CCPA/CPRA alignment checks, data inventory cataloging, and remediation tracking. Implements the NIST Privacy Framework PRAM methodology and ICO DPIA guidance for systematic identification and mitigation of privacy risks across processing activities. Use when conducting privacy assessments for new systems, evaluating regulatory compliance posture, or building automated privacy governance programs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-threat-actor-ttps-with-mitre-attack MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh
mukul975/Anthropic-Cybersecurity-Skills 4,300

Search AI Tools

Topic: security-automation