mitre-attack▌
62 indexed skills · max 10 per page
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-scheduled-task-persistence
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.
implementing-diamond-model-analysis
mukul975/Anthropic-Cybersecurity-Skills · implementing-diamond-model-analysis
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features - Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads, and generate pivot-ready intelligence.
performing-kerberoasting-attack
mukul975/Anthropic-Cybersecurity-Skills · performing-kerberoasting-attack
Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names
conducting-spearphishing-simulation-campaign
mukul975/Anthropic-Cybersecurity-Skills · conducting-spearphishing-simulation-campaign
Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf
conducting-pass-the-ticket-attack
mukul975/Anthropic-Cybersecurity-Skills · conducting-pass-the-ticket-attack
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro
performing-lateral-movement-detection
mukul975/Anthropic-Cybersecurity-Skills · performing-lateral-movement-detection
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.
detecting-pass-the-hash-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-pass-the-hash-attacks
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.
performing-dark-web-monitoring-for-threats
mukul975/Anthropic-Cybersecurity-Skills · performing-dark-web-monitoring-for-threats
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre
hunting-for-t1098-account-manipulation
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-t1098-account-manipulation
Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.
detecting-wmi-persistence
mukul975/Anthropic-Cybersecurity-Skills · detecting-wmi-persistence
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.