threat-intelligence▌
44 indexed skills · max 10 per page
analyzing-typosquatting-domains-with-dnstwist
mukul975/Anthropic-Cybersecurity-Skills · analyzing-typosquatting-domains-with-dnstwist
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.
implementing-stix-taxii-feed-integration
mukul975/Anthropic-Cybersecurity-Skills · implementing-stix-taxii-feed-integration
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.
building-threat-feed-aggregation-with-misp
mukul975/Anthropic-Cybersecurity-Skills · building-threat-feed-aggregation-with-misp
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.
building-threat-hunt-hypothesis-framework
mukul975/Anthropic-Cybersecurity-Skills · building-threat-hunt-hypothesis-framework
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and environmental data into testable hunting hypotheses.
analyzing-threat-actor-ttps-with-mitre-navigator
mukul975/Anthropic-Cybersecurity-Skills · analyzing-threat-actor-ttps-with-mitre-navigator
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework using the ATT&CK Navigator and attackcti Python library. The analyst queries STIX/TAXII data for group-technique associations, generates Navigator layer files for visualization, and compares defensive coverage against adversary profiles. Activates for requests involving APT TTP mapping, ATT&CK Navigator layers, threat actor profiling, or MITRE technique coverage analysis.
performing-indicator-lifecycle-management
mukul975/Anthropic-Cybersecurity-Skills · performing-indicator-lifecycle-management
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
building-threat-intelligence-platform
mukul975/Anthropic-Cybersecurity-Skills · building-threat-intelligence-platform
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T
analyzing-certificate-transparency-for-phishing
mukul975/Anthropic-Cybersecurity-Skills · analyzing-certificate-transparency-for-phishing
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
analyzing-ransomware-payment-wallets
mukul975/Anthropic-Cybersecurity-Skills · analyzing-ransomware-payment-wallets
Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor, WalletExplorer, and blockchain.com APIs. Identifies wallet clusters, tracks fund movement through mixers and exchanges, and supports law enforcement attribution. Activates for requests involving ransomware payment tracing, bitcoin wallet analysis, cryptocurrency forensics, or blockchain intelligence gathering.
performing-osint-with-spiderfoot
mukul975/Anthropic-Cybersecurity-Skills · performing-osint-with-spiderfoot
Automate OSINT collection using SpiderFoot REST API and CLI for target profiling, module-based reconnaissance, and structured result analysis across 200+ data sources