edr▌
9 indexed skills · max 10 per page
detecting-evasion-techniques-in-endpoint-logs
mukul975/Anthropic-Cybersecurity-Skills · detecting-evasion-techniques-in-endpoint-logs
Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping, process injection, and security tool disabling. Use when investigating suspicious endpoint behavior, building detection rules for evasion tactics, or conducting threat hunting for stealthy adversary activity. Activates for requests involving evasion detection, defense evasion analysis, log tampering detection, or MITRE ATT&CK TA0005.
detecting-mimikatz-execution-patterns
mukul975/Anthropic-Cybersecurity-Skills · detecting-mimikatz-execution-patterns
Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.
deploying-edr-agent-with-crowdstrike
mukul975/Anthropic-Cybersecurity-Skills · deploying-edr-agent-with-crowdstrike
Deploys and configures CrowdStrike Falcon EDR agents across enterprise endpoints to enable real-time threat detection, behavioral analysis, and automated response. Use when onboarding endpoints to EDR coverage, configuring detection policies, or integrating Falcon telemetry with SIEM platforms. Activates for requests involving CrowdStrike deployment, Falcon sensor installation, EDR policy configuration, or endpoint detection and response.
hunting-for-data-staging-before-exfiltration
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-data-staging-before-exfiltration
Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry
detecting-dll-sideloading-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-dll-sideloading-attacks
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.
detecting-process-hollowing-technique
mukul975/Anthropic-Cybersecurity-Skills · detecting-process-hollowing-technique
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.
hunting-for-living-off-the-land-binaries
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-living-off-the-land-binaries
Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.
hunting-for-process-injection-techniques
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-process-injection-techniques
Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry
detecting-t1003-credential-dumping-with-edr
mukul975/Anthropic-Cybersecurity-Skills · detecting-t1003-credential-dumping-with-edr
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.