Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionhunting-for-data-exfiltration-indicatorsExecute the skills CLI command in your project's root directory to begin installation:
Fetches hunting-for-data-exfiltration-indicators from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate hunting-for-data-exfiltration-indicators. Access via /hunting-for-data-exfiltration-indicators in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Quickly understand datasets, identify patterns, and generate insights
Example
Analyze CSV with 100K rows, identify outliers, visualize correlations, suggest hypotheses
Reduce EDA time from hours to minutes, uncover insights faster
Write scripts to clean messy data, handle missing values, normalize formats
Example
Generate Python/SQL to fix date formats, impute missing values, remove duplicates
Automate 80% of data preprocessing work
Perform hypothesis testing, regression, and statistical modeling
Example
Run A/B test analysis, calculate confidence intervals, interpret p-values
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | hunting-for-data-exfiltration-indicators |
| description | Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse. |
| domain | cybersecurity |
| subdomain | threat-hunting |
| tags | - threat-hunting - mitre-attack - data-exfiltration - dlp - network-analysis - proactive-detection |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| atlas_techniques | - AML.T0024 - AML.T0056 |
| nist_ai_rmf | - MEASURE-2.7 - MAP-5.1 - MANAGE-2.4 |
| d3fend_techniques | - File Metadata Consistency Validation - Certificate Analysis - Application Protocol Command Analysis - Content Format Conversion - File Content Analysis |
| nist_csf | - DE.CM-01 - DE.AE-02 - DE.AE-07 - ID.RA-05 |
| Concept | Description |
|---|---|
| T1041 | Exfiltration Over C2 Channel |
| T1048 | Exfiltration Over Alternative Protocol |
| T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 |
| T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 |
| T1567 | Exfiltration Over Web Service |
| T1567.002 | Exfiltration to Cloud Storage |
| T1052 | Exfiltration Over Physical Medium |
| T1029 | Scheduled Transfer |
| T1030 | Data Transfer Size Limits (staging) |
| T1537 | Transfer Data to Cloud Account |
| T1020 | Automated Exfiltration |
| Tool | Purpose |
|---|---|
| Splunk | SIEM for data volume analysis and SPL queries |
| Zeek | Network metadata for data flow analysis |
| Microsoft Defender for Cloud Apps | CASB for cloud exfiltration |
| Netskope | Cloud DLP and exfiltration detection |
| Suricata | Network IDS for protocol anomaly detection |
| RITA | DNS exfiltration and beacon detection |
| ExtraHop | Network traffic analysis for data flow |
Hunt ID: TH-EXFIL-[DATE]-[SEQ]
Exfiltration Channel: [HTTP/DNS/Email/Cloud/USB]
Source: [Host/User]
Destination: [Domain/IP/Service]
Data Volume: [Bytes/MB/GB]
Time Period: [Start - End]
Protocol: [HTTPS/DNS/SMTP/SMB]
Files Involved: [Count/Types]
Risk Level: [Critical/High/Medium/Low]
Confidence: [High/Medium/Low]
Get statistically sound analysis without PhD in statistics
Create charts, dashboards, and visual reports
Example
Generate matplotlib/seaborn code for time series plots, distribution charts, heatmaps
Build presentation-ready visualizations 3x faster
Prerequisites
Time Estimate
20-40 minutes to set up and run first analysis
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for exploratory data analysis, data cleaning, statistical testing, visualization prototyping, and learning new analysis techniques. Best for initial exploration and rapid insights.
✗ Avoid when
Avoid for mission-critical financial analysis, medical research requiring regulatory compliance, production ML models, or when deep statistical expertise is required for nuanced interpretation.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Registry listing for hunting-for-data-exfiltration-indicators matched our evaluation — installs cleanly and behaves as described in the markdown.
Solid pick for teams standardizing on skills: hunting-for-data-exfiltration-indicators is focused, and the summary matches what you get after install.
hunting-for-data-exfiltration-indicators reduced setup friction for our internal harness; good balance of opinion and flexibility.
Registry listing for hunting-for-data-exfiltration-indicators matched our evaluation — installs cleanly and behaves as described in the markdown.
Keeps context tight: hunting-for-data-exfiltration-indicators is the kind of skill you can hand to a new teammate without a long onboarding doc.
hunting-for-data-exfiltration-indicators fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
hunting-for-data-exfiltration-indicators reduced setup friction for our internal harness; good balance of opinion and flexibility.
I recommend hunting-for-data-exfiltration-indicators for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
hunting-for-data-exfiltration-indicators reduced setup friction for our internal harness; good balance of opinion and flexibility.
hunting-for-data-exfiltration-indicators has been reliable in day-to-day use. Documentation quality is above average for community skills.
showing 1-10 of 66