mukul975/Anthropic-Cybersecurity-Skills

skills & prompt files 195

• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-email-headers-for-phishing-investigation/SKILL.md:199secret→sink: # Check domain reputation on VirusTotal
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-post-incident-lessons-learned/SKILL.md:49secret→sink: # Export incident timeline from ticketing system
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-mobile-malware-behavior/SKILL.md:197secret→sink: | **C2 Beacon** | Regular network check-in from malware to command-and-control server, identifiable by periodic timing patterns |
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-api-schema-validation-security/SKILL.md:371secret→sink: # Upload OpenAPI schema to Cloudflare API Shield
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-ddos-mitigation-with-cloudflare/SKILL.md:114secret→sink: # Update DNS records (proxy enabled for DDoS protection)
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-device-posture-assessment-in-zero-trust/SKILL.md:122secret→sink: # CrowdStrike Falcon API: Query ZTA scores for all endpoints
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-dynamic-analysis-with-any-run/SKILL.md:93secret→sink: # Check task status
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-network-forensics-with-wireshark/SKILL.md:146secret→sink: echo "Checking $filepath ($hash)"
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-broken-access-control/SKILL.md:142secret→sink: -H "Authorization: $USER_TOKEN" \
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-sensitive-data-exposure/SKILL.md:95secret→sink: .aws/credentials .docker/config.json; do
• ⚠ hidden: skill: skill-exfilmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/triaging-security-incident-with-ir-playbook/SKILL.md:69secret→sink: # Enrich source IP with VirusTotal

• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/acquiring-disk-image-with-dd-and-dcfldd/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-active-directory-acl-abuse/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-android-malware-with-apktool/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-api-gateway-access-logs/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-apt-group-with-mitre-navigator/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-azure-activity-logs-for-threats/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-bootkit-and-rootkit-samples/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-browser-forensics-with-hindsight/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-campaign-attribution-evidence/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-certificate-transparency-for-phishing/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-cloud-storage-access-patterns/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-cobalt-strike-beacon-configuration/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-cobaltstrike-malleable-c2-profiles/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-command-and-control-communication/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-cyber-kill-chain/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-disk-image-with-autopsy/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-dns-logs-for-exfiltration/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-docker-container-forensics/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ethereum-smart-contract-vulnerabilities/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-golang-malware-with-ghidra/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-heap-spray-exploitation/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-indicators-of-compromise/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ios-app-security-with-objection/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-kubernetes-audit-logs/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-linux-audit-logs-for-intrusion/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-linux-elf-malware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-linux-kernel-rootkits/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-linux-system-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-lnk-file-and-jump-list-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-macro-malware-in-office-documents/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malicious-pdf-with-peepdf/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malicious-url-with-urlscan/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malware-behavior-with-cuckoo-sandbox/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malware-family-relationships-with-malpedia/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malware-persistence-with-autoruns/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-malware-sandbox-evasion-techniques/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-memory-dumps-with-volatility/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-mft-for-deleted-file-recovery/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-covert-channels-in-malware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-flow-data-with-netflow/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-packets-with-scapy/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-traffic-for-incidents/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-traffic-of-malware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-network-traffic-with-wireshark/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-office365-audit-logs-for-compromise/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-outlook-pst-for-email-forensics/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-packed-malware-with-upx-unpacker/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-pdf-malware-with-pdfid/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-persistence-mechanisms-in-linux/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-empire-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-script-block-logging/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-prefetch-files-for-execution-history/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ransomware-encryption-mechanisms/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ransomware-leak-site-intelligence/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ransomware-network-indicators/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-ransomware-payment-wallets/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-sbom-for-supply-chain-vulnerabilities/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-security-logs-with-splunk/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-slack-space-and-file-system-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-supply-chain-malware-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-threat-actor-ttps-with-mitre-attack/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-threat-actor-ttps-with-mitre-navigator/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-threat-intelligence-feeds/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-threat-landscape-with-misp/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-tls-certificate-transparency-logs/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-typosquatting-domains-with-dnstwist/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-uefi-bootkit-persistence/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-usb-device-connection-history/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-web-server-logs-for-intrusion/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-amcache-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-event-logs-in-splunk/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-lnk-files-for-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-prefetch-with-python/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-registry-for-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-windows-shellbag-artifacts/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-aws-s3-bucket-permissions/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-azure-active-directory-configuration/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-cloud-with-cis-benchmarks/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-gcp-iam-permissions/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-kubernetes-cluster-rbac/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-terraform-infrastructure-for-security/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/auditing-tls-certificate-transparency-logs/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/automating-ioc-enrichment/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-adversary-infrastructure-tracking-system/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-attack-pattern-library-from-cti-reports/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-automated-malware-submission-pipeline/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-c2-infrastructure-with-sliver-framework/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-cloud-siem-with-sentinel/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-detection-rule-with-splunk-spl/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-detection-rules-with-sigma/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-devsecops-pipeline-with-gitlab-ci/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-identity-federation-with-saml-azure-ad/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-identity-governance-lifecycle-process/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-incident-response-dashboard/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-incident-response-playbook/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-incident-timeline-with-timesketch/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-ioc-defanging-and-sharing-pipeline/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-ioc-enrichment-pipeline-with-opencti/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-malware-incident-communication-template/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-patch-tuesday-response-process/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-phishing-reporting-button-workflow/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-ransomware-playbook-with-cisa-framework/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-red-team-c2-infrastructure-with-havoc/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-role-mining-for-rbac-optimization/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-soc-escalation-matrix/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-soc-metrics-and-kpi-tracking/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-soc-playbook-for-ransomware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-actor-profile-from-osint/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-feed-aggregation-with-misp/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-hunt-hypothesis-framework/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-intelligence-enrichment-in-splunk/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-intelligence-feed-integration/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-threat-intelligence-platform/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-vulnerability-aging-and-sla-tracking/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-vulnerability-dashboard-with-defectdojo/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-vulnerability-exception-tracking-system/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-vulnerability-scanning-workflow/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/bypassing-authentication-with-forced-browsing/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/collecting-indicators-of-compromise/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/collecting-open-source-intelligence/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/collecting-threat-intelligence-with-misp/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/collecting-volatile-evidence-from-compromised-host/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-api-security-testing/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-cloud-incident-response/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-cloud-penetration-testing/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-domain-persistence-with-dcsync/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-external-reconnaissance-with-osint/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-full-scope-red-team-engagement/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-internal-network-penetration-test/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-internal-reconnaissance-with-bloodhound-ce/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-malware-incident-response/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-man-in-the-middle-attack-simulation/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-memory-forensics-with-volatility/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-mobile-app-penetration-test/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-network-penetration-test/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-pass-the-ticket-attack/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-phishing-incident-response/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-social-engineering-penetration-test/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-social-engineering-pretext-call/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-spearphishing-simulation-campaign/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-wireless-network-penetration-test/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-active-directory-tiered-model/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-aws-verified-access-for-ztna/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-certificate-authority-with-openssl/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-host-based-intrusion-detection/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-hsm-for-key-storage/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-identity-aware-proxy-with-google-iap/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-ldap-security-hardening/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-microsegmentation-for-zero-trust/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-multi-factor-authentication-with-duo/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-network-segmentation-with-vlans/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-oauth2-authorization-flow/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-pfsense-firewall-rules/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-snort-ids-for-intrusion-detection/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-suricata-for-network-monitoring/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-tls-1-3-for-secure-communications/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-windows-defender-advanced-settings/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-windows-event-logging-for-detection/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/configuring-zscaler-private-access-for-ztna/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/containing-active-breach/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/correlating-security-events-in-qradar/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/correlating-threat-campaigns/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-javascript-malware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-powershell-obfuscated-malware/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-active-directory-honeytokens/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-cloudflare-access-for-zero-trust/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-decoy-files-for-ransomware-detection/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-edr-agent-with-crowdstrike/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-osquery-for-endpoint-monitoring/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-palo-alto-prisma-access-zero-trust/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-ransomware-canary-files/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-software-defined-perimeter/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-tailscale-for-zero-trust-vpn/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-ai-model-prompt-injection-attacks/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-anomalies-in-industrial-control-systems/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-anomalous-authentication-patterns/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-api-enumeration-attacks/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-arp-poisoning-in-network-traffic/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-attacks-on-historian-servers/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-attacks-on-scada-systems/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-aws-cloudtrail-anomalies/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-aws-credential-exposure-with-trufflehog/SKILL.md
• skillmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-aws-guardduty-findings-automation/SKILL.md

danger signals44

• dynamic code executioneval()/exec()mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-incident-response-dashboard/scripts/agent.py:106avg(eval(if(status_label="Resolved*", (status_end - _time)/3600, null()))) AS avg_resolve_hrs
• dynamic code executioneval()/exec()mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-alert-fatigue-reduction/scripts/agent.py:27sum(eval(if(status_label="Resolved - True Positive", 1, 0))) AS tp,
• suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/exploiting-server-side-request-forgery/scripts/agent.py:20"aws_imdsv1": "http://169.254.169.254/latest/meta-data/",
• suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-blind-ssrf-exploitation/scripts/agent.py:29"http://169.254.169.254/latest/meta-data/",
• suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-ssrf-vulnerability-exploitation/scripts/agent.py:16{"name": "AWS IMDSv1 metadata", "url": "http://169.254.169.254/latest/meta-data/", "indicator": "ami-id"},
• suspicious endpoint169.254.169.254 (cloud metadata)mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/testing-for-xxe-injection-vulnerabilities/scripts/agent.py:29<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">
• over-broad OAuth scopehttps://mail.google.com/mukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-browser-isolation-for-zero-trust/scripts/agent.py:987"https://mail.google.com/inbox",
• committed secretAWS access key idmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deploying-ransomware-canary-files/scripts/agent.py:82AKIAI4…(20 chars, redacted)
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-empire-artifacts/scripts/agent.py:22re.compile(r"IEX\s*\(", re.IGNORECASE),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-powershell-script-block-logging/scripts/agent.py:24(r"(?i)(Invoke-Expression|iex)\s*\(", "Invoke-Expression execution", "T1059.001", "high"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/analyzing-security-logs-with-splunk/scripts/agent.py:71'OR CommandLine="*downloadstring*" OR CommandLine="*iex*") '
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/building-detection-rule-with-splunk-spl/scripts/process.py:268'| where match(ScriptBlockText, "(?i)(encodedcommand|invoke-expression|iex|downloadstring|frombase64string|net\\.webclient|invoke-mimikatz)") '
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/conducting-memory-forensics-with-volatility/scripts/agent.py:91"powershell -enc", "invoke-expression", "downloadstring", "net user",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-powershell-obfuscated-malware/scripts/agent.py:53(r'(?:iex|invoke-expression)', "Invoke-Expression (IEX) execution", "HIGH"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/deobfuscating-powershell-obfuscated-malware/scripts/process.py:51(r'Invoke-Expression', "Invoke-Expression"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-ai-model-prompt-injection-attacks/scripts/agent.py:40("command_injection_via_prompt", r"(?i)(;\s*(rm|cat|wget|curl|bash|sh|python|exec|eval)\b|\|\s*(cat|ls|id|whoami|nc)\b|`[^`]+`)"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-command-and-control-over-dns/scripts/agent.py:593r"Invoke-Expression", r"IEX\s*\(", r"DownloadString",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-attacks-on-endpoints/scripts/agent.py:19r"Invoke-Expression|IEX\s*\(": ("T1059.001", "HIGH", "Dynamic code execution"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-attacks-on-endpoints/scripts/process.py:15"invoke_expression": r"(?i)(iex\s|invoke-expression)",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-fileless-malware-techniques/scripts/agent.py:37(r'IEX\s*\(', "Invoke-Expression (download cradle)"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-living-off-the-land-attacks/scripts/agent.py:141r"IEX\s*\(",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-malicious-scheduled-tasks-with-sysmon/scripts/agent.py:20r"powershell.*iex", r"powershell.*invoke-expression",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-supply-chain-attacks-in-ci-cd/scripts/agent.py:152if "curl" in stripped and "| sh" in stripped or "| bash" in stripped:
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-suspicious-powershell-execution/scripts/agent.py:14"Invoke-Expression", "IEX", "Invoke-WebRequest", "Invoke-RestMethod",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/detecting-suspicious-powershell-execution/scripts/process.py:13r'iex',
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-anomalous-powershell-execution/scripts/agent.py:47r"IEX\s*\(",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-living-off-the-land-binaries/scripts/agent.py:69r"IEX\s*\(", r"Invoke-Expression", r"DownloadString",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-lolbins-execution-in-endpoint-logs/scripts/agent.py:24r"-enc\s+", r"IEX", r"Invoke-Expression", r"DownloadString",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-mechanisms-in-windows/scripts/agent.py:30r"base64", r"iex\s*\(", r"downloadstring",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-mechanisms-in-windows/scripts/process.py:309r"mshta", r"http[s]?://", r"-enc\s", r"iex\s",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-via-wmi-subscriptions/scripts/agent.py:32r"base64", r"IEX", r"DownloadString", r"Net\.WebClient",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-persistence-via-wmi-subscriptions/scripts/process.py:31(r"(?i)(invoke-expression|iex|downloadstring)", "download_cradle"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-registry-persistence-mechanisms/scripts/agent.py:49r"base64", r"downloadstring", r"iex\s*\(",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-registry-run-key-persistence/scripts/agent.py:91if re.search(r"(FromBase64|IEX|Invoke-Expression|DownloadString|Net\.WebClient)", details or "", re.IGNORECASE):
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-scheduled-task-persistence/scripts/agent.py:13r"powershell.*-enc", r"powershell.*downloadstring", r"powershell.*iex",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-scheduled-task-persistence/scripts/process.py:14r"-enc", r"-encodedcommand", r"iex", r"downloadstring",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/hunting-for-unusual-service-installations/scripts/agent.py:32(r"invoke-expression|iex\s", "invoke_expression"),
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-siem-use-cases-for-detection/scripts/agent.py:53'(CommandLine="*-enc*" OR CommandLine="*invoke-expression*" '
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/implementing-velociraptor-for-ir-collection/scripts/process.py:246"invoke-mimikatz", "invoke-expression", "downloadstring",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-container-image-hardening/scripts/agent.py:119if upper.startswith("RUN") and "curl" in stripped and "| sh" in stripped:
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-malware-persistence-investigation/scripts/agent.py:17"downloadstring", "invoke-", "iex", "hidden",
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/performing-threat-hunting-with-yara-rules/scripts/agent.py:32$iex = "IEX" ascii nocase
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/scanning-container-images-with-grype/scripts/agent.py:35return {"error": "grype not found. Install: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh"}
• suspicious bundled scriptsuspicious bundled scriptmukul975-Anthropic-Cybersecurity-Skills-0445030/skills/securing-container-registry-images/scripts/agent.py:58print(" [-] Syft not installed. Install: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh")