lateral-movement▌
20 indexed skills · max 10 per page
hunting-for-lateral-movement-via-wmi
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-lateral-movement-via-wmi
Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.
exploiting-constrained-delegation-abuse
mukul975/Anthropic-Cybersecurity-Skills · exploiting-constrained-delegation-abuse
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users via S4U2self and S4U2proxy extensions for lateral movement and privilege escalation.
performing-active-directory-compromise-investigation
mukul975/Anthropic-Cybersecurity-Skills · performing-active-directory-compromise-investigation
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.
detecting-lateral-movement-in-network
mukul975/Anthropic-Cybersecurity-Skills · detecting-lateral-movement-in-network
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows, SMB traffic, and RDP sessions using Zeek, Velociraptor, and SIEM correlation rules to detect attackers moving between systems.
conducting-pass-the-ticket-attack
mukul975/Anthropic-Cybersecurity-Skills · conducting-pass-the-ticket-attack
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro
performing-lateral-movement-detection
mukul975/Anthropic-Cybersecurity-Skills · performing-lateral-movement-detection
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.
detecting-lateral-movement-with-zeek
mukul975/Anthropic-Cybersecurity-Skills · detecting-lateral-movement-with-zeek
Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log, smb_files.log, dce_rpc.log, kerberos.log, and ntlm.log to identify SMB file transfers, NTLM account spray activity, remote service execution, and anomalous internal connections.
implementing-network-deception-with-honeypots
mukul975/Anthropic-Cybersecurity-Skills · implementing-network-deception-with-honeypots
Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral movement, and attacker reconnaissance.
performing-credential-access-with-lazagne
mukul975/Anthropic-Cybersecurity-Skills · performing-credential-access-with-lazagne
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords from browsers, databases, system vaults, and applications during authorized red team operations.
implementing-microsegmentation-with-guardicore
mukul975/Anthropic-Cybersecurity-Skills · implementing-microsegmentation-with-guardicore
Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create granular network policies, visualize east-west traffic flows, and enforce least-privilege communication between workloads across data centers and cloud.