active-directory
26 indexed skills · max 10 per page
exploiting-kerberoasting-with-impacket
mukul975/Anthropic-Cybersecurity-Skills · exploiting-kerberoasting-with-impacket
Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active Directory service accounts.
auditing-azure-active-directory-configuration
mukul975/Anthropic-Cybersecurity-Skills · auditing-azure-active-directory-configuration
Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.
performing-active-directory-penetration-test
mukul975/Anthropic-Cybersecurity-Skills · performing-active-directory-penetration-test
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.
hunting-for-t1098-account-manipulation
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-t1098-account-manipulation
Hunt for MITRE ATT&CK T1098 account manipulation including shadow admin creation, SID history injection, group membership changes, and credential modifications using Windows Security Event Logs.
hunting-for-dcsync-attacks
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-dcsync-attacks
Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.
exploiting-active-directory-with-bloodhound
mukul975/Anthropic-Cybersecurity-Skills · exploiting-active-directory-with-bloodhound
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and unintended relationships within AD environments. Red teams use BloodHound to identify attac
exploiting-active-directory-certificate-services-esc1
mukul975/Anthropic-Cybersecurity-Skills · exploiting-active-directory-certificate-services-esc1
Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates as high-privileged users and escalate domain privileges during authorized red team assessments.
conducting-domain-persistence-with-dcsync
mukul975/Anthropic-Cybersecurity-Skills · conducting-domain-persistence-with-dcsync
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.
detecting-credential-dumping-techniques
mukul975/Anthropic-Cybersecurity-Skills · detecting-credential-dumping-techniques
Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules.
analyzing-windows-event-logs-in-splunk
mukul975/Anthropic-Cybersecurity-Skills · analyzing-windows-event-logs-in-splunk
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege escalation, persistence mechanisms, and lateral movement using SPL queries mapped to MITRE ATT&CK techniques. Use when SOC analysts need to investigate Windows-based threats, build detection queries, or perform forensic timeline analysis of Windows endpoints and domain controllers.