threat-hunting▌
67 indexed skills · max 10 per page
hunting-for-scheduled-task-persistence
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-scheduled-task-persistence
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.
analyzing-persistence-mechanisms-in-linux
mukul975/Anthropic-Cybersecurity-Skills · analyzing-persistence-mechanisms-in-linux
Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity monitoring
analyzing-powershell-empire-artifacts
mukul975/Anthropic-Cybersecurity-Skills · analyzing-powershell-empire-artifacts
Detect PowerShell Empire framework artifacts in Windows event logs by identifying Base64 encoded launcher patterns, default user agents, staging URL structures, stager IOCs, and known Empire module signatures in Script Block Logging events.
implementing-velociraptor-for-ir-collection
mukul975/Anthropic-Cybersecurity-Skills · implementing-velociraptor-for-ir-collection
Deploy and configure Velociraptor for scalable endpoint forensic artifact collection during incident response using VQL queries, hunts, and pre-built artifact packs across Windows, Linux, and macOS environments.
performing-yara-rule-development-for-detection
mukul975/Anthropic-Cybersecurity-Skills · performing-yara-rule-development-for-detection
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.
performing-threat-hunting-with-yara-rules
mukul975/Anthropic-Cybersecurity-Skills · performing-threat-hunting-with-yara-rules
Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems and memory dumps. Covers rule authoring, yara-python scanning, and integration with threat intel feeds.
detecting-pass-the-hash-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-pass-the-hash-attacks
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.
hunting-for-t1098-account-manipulation
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-t1098-account-manipulation
Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.
detecting-wmi-persistence
mukul975/Anthropic-Cybersecurity-Skills · detecting-wmi-persistence
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.
detecting-evasion-techniques-in-endpoint-logs
mukul975/Anthropic-Cybersecurity-Skills · detecting-evasion-techniques-in-endpoint-logs
Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping, process injection, and security tool disabling. Use when investigating suspicious endpoint behavior, building detection rules for evasion tactics, or conducting threat hunting for stealthy adversary activity. Activates for requests involving evasion detection, defense evasion analysis, log tampering detection, or MITRE ATT&CK TA0005.