mitre-attack▌
62 indexed skills · max 10 per page
building-soc-playbook-for-ransomware
mukul975/Anthropic-Cybersecurity-Skills · building-soc-playbook-for-ransomware
Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.
detecting-dll-sideloading-attacks
mukul975/Anthropic-Cybersecurity-Skills · detecting-dll-sideloading-attacks
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.
detecting-process-hollowing-technique
mukul975/Anthropic-Cybersecurity-Skills · detecting-process-hollowing-technique
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.
exploiting-active-directory-with-bloodhound
mukul975/Anthropic-Cybersecurity-Skills · exploiting-active-directory-with-bloodhound
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and unintended relationships within AD environments. Red teams use BloodHound to identify attac
analyzing-malware-sandbox-evasion-techniques
mukul975/Anthropic-Cybersecurity-Skills · analyzing-malware-sandbox-evasion-techniques
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports
conducting-full-scope-red-team-engagement
mukul975/Anthropic-Cybersecurity-Skills · conducting-full-scope-red-team-engagement
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.
building-ioc-enrichment-pipeline-with-opencti
mukul975/Anthropic-Cybersecurity-Skills · building-ioc-enrichment-pipeline-with-opencti
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O
performing-malware-ioc-extraction
mukul975/Anthropic-Cybersecurity-Skills · performing-malware-ioc-extraction
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist
analyzing-windows-event-logs-in-splunk
mukul975/Anthropic-Cybersecurity-Skills · analyzing-windows-event-logs-in-splunk
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege escalation, persistence mechanisms, and lateral movement using SPL queries mapped to MITRE ATT&CK techniques. Use when SOC analysts need to investigate Windows-based threats, build detection queries, or perform forensic timeline analysis of Windows endpoints and domain controllers.
implementing-mitre-attack-coverage-mapping
mukul975/Anthropic-Cybersecurity-Skills · implementing-mitre-attack-coverage-mapping
Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure SOC detection maturity against adversary techniques.