endpoint-detection▌
5 indexed skills · max 10 per page
hunting-for-persistence-via-wmi-subscriptions
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-persistence-via-wmi-subscriptions
Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI consumer, filter, and binding creation events that execute malicious code triggered by system events.
detecting-living-off-the-land-with-lolbas
mukul975/Anthropic-Cybersecurity-Skills · detecting-living-off-the-land-with-lolbas
Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis
hunting-for-suspicious-scheduled-tasks
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-suspicious-scheduled-tasks
Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 abuse.
implementing-endpoint-detection-with-wazuh
mukul975/Anthropic-Cybersecurity-Skills · implementing-endpoint-detection-with-wazuh
Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule XML creation, alert querying via the Wazuh REST API, and automated response actions.
hunting-for-lolbins-execution-in-endpoint-logs
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-lolbins-execution-in-endpoint-logs
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs for suspicious execution patterns of legitimate Windows system binaries used for malicious purposes.