Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,7 @@
# Standards & References
- **MITRE ATT&CK T1059.001**: PowerShell execution
- **MITRE ATT&CK T1055**: Process Injection (all sub-techniques)
- **MITRE ATT&CK T1546.003**: WMI Event Subscription persistence
- **MITRE ATT&CK T1620**: Reflective Code Loading
- **Microsoft AMSI Documentation**: https://learn.microsoft.com/en-us/windows/win32/amsi/
- **PowerShell Logging**: https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/script-logging
@@ -0,0 +1,8 @@
# Workflows
## Fileless Attack Detection
```
[Enable telemetry (Sysmon, PS logging, AMSI)] → [Build detection rules per technique]
→ [Deploy rules in SIEM] → [Threat hunt for historical fileless indicators]
→ [Triage alerts] → [Investigate memory for confirmed incidents]
→ [Extract IOCs from memory analysis] → [Tune detections]
```