credential-theft
6 indexed skills · max 10 per page
detecting-pass-the-ticket-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-pass-the-ticket-attacks
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM.
detecting-dcsync-attack-in-active-directory
mukul975/Anthropic-Cybersecurity-Skills · detecting-dcsync-attack-in-active-directory
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.
performing-initial-access-with-evilginx3
mukul975/Anthropic-Cybersecurity-Skills · performing-initial-access-with-evilginx3
Perform authorized initial access using the Evilginx3 adversary-in-the-middle phishing framework to capture session tokens and bypass multi-factor authentication during red team engagements.
extracting-config-from-agent-tesla-rat
mukul975/Anthropic-Cybersecurity-Skills · extracting-config-from-agent-tesla-rat
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials, keylogger settings, and C2 endpoints using .NET decompilation and memory analysis.
detecting-golden-ticket-forgery
mukul975/Anthropic-Cybersecurity-Skills · detecting-golden-ticket-forgery
Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM.
performing-adversary-in-the-middle-phishing-detection
mukul975/Anthropic-Cybersecurity-Skills · performing-adversary-in-the-middle-phishing-detection
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy, Evilginx, and Tycoon 2FA to bypass MFA and steal session tokens.