mitre-attack▌
62 indexed skills · max 10 per page
analyzing-campaign-attribution-evidence
mukul975/Anthropic-Cybersecurity-Skills · analyzing-campaign-attribution-evidence
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr
implementing-siem-use-cases-for-detection
mukul975/Anthropic-Cybersecurity-Skills · implementing-siem-use-cases-for-detection
Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics mapped to MITRE ATT&CK techniques across Splunk, Elastic, and Sentinel. Use when SOC teams need to expand detection coverage, formalize use case lifecycle management, or build a detection library aligned to organizational threat profile.
detecting-mimikatz-execution-patterns
mukul975/Anthropic-Cybersecurity-Skills · detecting-mimikatz-execution-patterns
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.
performing-open-source-intelligence-gathering
mukul975/Anthropic-Cybersecurity-Skills · performing-open-source-intelligence-gathering
Open Source Intelligence (OSINT) gathering is the first active phase of a red team engagement, where operators collect publicly available information about the target organization to identify attack s
implementing-stix-taxii-feed-integration
mukul975/Anthropic-Cybersecurity-Skills · implementing-stix-taxii-feed-integration
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.
analyzing-threat-actor-ttps-with-mitre-navigator
mukul975/Anthropic-Cybersecurity-Skills · analyzing-threat-actor-ttps-with-mitre-navigator
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework using the ATT&CK Navigator and attackcti Python library. The analyst queries STIX/TAXII data for group-technique associations, generates Navigator layer files for visualization, and compares defensive coverage against adversary profiles. Activates for requests involving APT TTP mapping, ATT&CK Navigator layers, threat actor profiling, or MITRE technique coverage analysis.
exploiting-ms17-010-eternalblue-vulnerability
mukul975/Anthropic-Cybersecurity-Skills · exploiting-ms17-010-eternalblue-vulnerability
MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it
performing-indicator-lifecycle-management
mukul975/Anthropic-Cybersecurity-Skills · performing-indicator-lifecycle-management
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
building-threat-intelligence-platform
mukul975/Anthropic-Cybersecurity-Skills · building-threat-intelligence-platform
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T
detecting-kerberoasting-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-kerberoasting-attacks
Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs for offline password cracking.