tag

mitre-attack

62 indexed skills · max 10 per page

skills (62)

performing-kerberoasting-attack

mukul975/Anthropic-Cybersecurity-Skills · performing-kerberoasting-attack

0

Kerberoasting is a post-exploitation technique that targets service accounts in Active Directory by requesting Kerberos TGS (Ticket Granting Service) tickets for accounts with Service Principal Names

conducting-spearphishing-simulation-campaign

mukul975/Anthropic-Cybersecurity-Skills · conducting-spearphishing-simulation-campaign

0

Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf

conducting-pass-the-ticket-attack

mukul975/Anthropic-Cybersecurity-Skills · conducting-pass-the-ticket-attack

0

Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro

performing-lateral-movement-detection

mukul975/Anthropic-Cybersecurity-Skills · performing-lateral-movement-detection

0

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

detecting-pass-the-hash-attacks

mukul975/Anthropic-Cybersecurity-Skills · detecting-pass-the-hash-attacks

0

Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.

performing-dark-web-monitoring-for-threats

mukul975/Anthropic-Cybersecurity-Skills · performing-dark-web-monitoring-for-threats

0

Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre

detecting-wmi-persistence

mukul975/Anthropic-Cybersecurity-Skills · detecting-wmi-persistence

0

Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.

hunting-for-t1098-account-manipulation

mukul975/Anthropic-Cybersecurity-Skills · hunting-for-t1098-account-manipulation

0

Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.

analyzing-campaign-attribution-evidence

mukul975/Anthropic-Cybersecurity-Skills · analyzing-campaign-attribution-evidence

0

Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr

implementing-siem-use-cases-for-detection

mukul975/Anthropic-Cybersecurity-Skills · implementing-siem-use-cases-for-detection

0

Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics mapped to MITRE ATT&CK techniques across Splunk, Elastic, and Sentinel. Use when SOC teams need to expand detection coverage, formalize use case lifecycle management, or build a detection library aligned to organizational threat profile.
