Sponsored by

Find leads on Reddit on auto pilot

Topic: security

1,299 skills in this topic.

performing-malware-triage-with-yara Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
hunting-for-anomalous-powershell-execution Hunt for malicious PowerShell activity by analyzing Script Block Logging (Event 4104), Module Logging (Event 4103), and process creation events. The analyst parses Windows Event Log EVTX files to detect obfuscated commands, AMSI bypass attempts, encoded payloads, credential dumping keywords, and suspicious download cradles. Activates for requests involving PowerShell threat hunting, script block analysis, encoded command detection, or AMSI bypass identification.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-just-in-time-access-provisioning Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-threat-hunting-with-elastic-siem Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline investigation to identify threats that evade automated detection. Use when SOC teams need to hunt for specific ATT&CK techniques, investigate anomalous behaviors, or validate detection coverage gaps using Elasticsearch and Kibana Security.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-nist-csf-maturity-assessment The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.
mukul975/Anthropic-Cybersecurity-Skills 4,300
performing-iot-security-assessment Performs comprehensive security assessments of IoT devices and their ecosystems by testing hardware interfaces, firmware, network communications, cloud APIs, and companion mobile applications. The tester uses firmware extraction and analysis, hardware debugging via UART and JTAG, network protocol analysis, and runtime exploitation to identify vulnerabilities across all layers of the IoT stack. Activates for requests involving IoT security testing, embedded device assessment, firmware security analysis, or smart device penetration testing.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-aws-iam-privilege-escalation Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-github-advanced-security-for-code-scanning Configure GitHub Advanced Security with CodeQL to perform automated static analysis and vulnerability detection across repositories at enterprise scale.
mukul975/Anthropic-Cybersecurity-Skills 4,300
implementing-log-integrity-with-blockchain Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is hashed with the previous entry's hash to create a blockchain-like structure where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services.
mukul975/Anthropic-Cybersecurity-Skills 4,300
conducting-social-engineering-penetration-test Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-prefetch-files-for-execution-history Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced files for forensic investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-cobalt-strike-beacon-configuration Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure, malleable profiles, and operator tradecraft.
mukul975/Anthropic-Cybersecurity-Skills 4,300
deobfuscating-javascript-malware Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing encoding layers, eval chains, string manipulation, and control flow obfuscation to reveal the original malicious logic. Activates for requests involving JavaScript malware analysis, script deobfuscation, web skimmer analysis, or obfuscated dropper investigation.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-dll-sideloading-attacks Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.
mukul975/Anthropic-Cybersecurity-Skills 4,300
executing-red-team-exercise Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization's detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment.
mukul975/Anthropic-Cybersecurity-Skills 4,300
analyzing-network-traffic-of-malware Analyzes network traffic generated by malware during sandbox execution or live incident response to identify C2 protocols, data exfiltration channels, payload downloads, and lateral movement patterns using Wireshark, Zeek, and Suricata. Activates for requests involving malware network analysis, C2 traffic decoding, malware PCAP analysis, or network-based malware detection.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-typosquatting-packages-in-npm-pypi Detects typosquatting attacks in npm and PyPI package registries by analyzing package name similarity using Levenshtein distance and other string metrics, examining publish date heuristics to identify recently created packages mimicking established ones, and flagging download count anomalies where suspicious packages have disproportionately low usage compared to their legitimate targets. The analyst queries the PyPI JSON API and npm registry API to gather package metadata for automated comparison. Activates for requests involving package typosquatting detection, dependency confusion analysis, malicious package identification, or software supply chain threat hunting in package registries.
mukul975/Anthropic-Cybersecurity-Skills 4,300
detecting-t1548-abuse-elevation-control-mechanism Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-patch-tuesday-response-process Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.
mukul975/Anthropic-Cybersecurity-Skills 4,300
recovering-from-ransomware-attack Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment isolation, forensic evidence preservation, clean infrastructure rebuild, prioritized system restoration from verified backups, credential reset, and validation against re-infection. Covers Active Directory recovery, database restoration, and application stack rebuild in dependency order. Activates for requests involving ransomware recovery, post-encryption restoration, or disaster recovery from ransomware.
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-vulnerability-exception-tracking-system Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-oauth2-authorization-flow Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token
mukul975/Anthropic-Cybersecurity-Skills 4,300
building-threat-actor-profile-from-osint Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary motivations, capabilities, infrastructure, and TTPs for proactive defense.
mukul975/Anthropic-Cybersecurity-Skills 4,300
configuring-snort-ids-for-intrusion-detection Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious activity using custom and community rulesets, preprocessors, and alert output plugins on authorized network segments.
mukul975/Anthropic-Cybersecurity-Skills 4,300