chore: fix license, add disclaimer, quick start, GitHub topics, issue templates

This commit is contained in:
mukul975
2026-03-11 01:42:17 +01:00
parent e09b84a7da
commit 4ed6f49151
1468 changed files with 152538 additions and 13660 deletions
+310 -102
View File
@@ -1,69 +1,69 @@
{
"version": "1.0.0",
"generated_at": "2026-03-11T00:22:05Z",
"generated_at": "2026-03-10T23:59:37Z",
"repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
"total_skills": 717,
"total_skills": 727,
"total_domains": 1,
"total_subdomains": 35,
"domain_stats": {
"cybersecurity": 717
"cybersecurity": 727
},
"subdomain_stats": {
"digital-forensics": 37,
"identity-security": 2,
"malware-analysis": 39,
"security-operations": 35,
"threat-intelligence": 50,
"cloud-security": 57,
"cloud-security": 60,
"soc-operations": 33,
"blockchain-security": 1,
"mobile-security": 12,
"container-security": 29,
"container-security": 30,
"log-analysis": 1,
"phishing-defense": 16,
"network-security": 39,
"incident-response": 25,
"threat-hunting": 50,
"threat-hunting": 55,
"red-teaming": 24,
"devsecops": 17,
"devsecops": 16,
"identity-access-management": 35,
"vulnerability-management": 25,
"web-application-security": 42,
"penetration-testing": 23,
"zero-trust-architecture": 13,
"cryptography": 14,
"endpoint-security": 16,
"endpoint-security": 17,
"ot-ics-security": 28,
"api-security": 28,
"threat-detection": 6,
"threat-detection": 7,
"identity-security": 1,
"ransomware-defense": 5,
"deception-technology": 2,
"application-security": 3,
"application-security": 4,
"compliance-governance": 5,
"identity-and-access-management": 1,
"zero-trust": 1,
"red-team": 2,
"offensive-security": 1,
"wireless-security": 1
"offensive-security": 1
},
"top_tags": [
{
"tag": "mitre-attack",
"count": 61
"tag": "threat-hunting",
"count": 62
},
{
"tag": "threat-hunting",
"count": 57
"tag": "mitre-attack",
"count": 61
},
{
"tag": "penetration-testing",
"count": 44
},
{
"tag": "threat-intelligence",
"count": 41
"tag": "cloud-security",
"count": 42
},
{
"tag": "cloud-security",
"tag": "threat-intelligence",
"count": 41
},
{
@@ -103,7 +103,7 @@
"count": 28
},
{
"tag": "phishing",
"tag": "kubernetes",
"count": 25
},
{
@@ -119,7 +119,7 @@
"count": 25
},
{
"tag": "kubernetes",
"tag": "phishing",
"count": 24
},
{
@@ -146,22 +146,6 @@
"license": "Apache-2.0",
"path": "skills/acquiring-disk-image-with-dd-and-dcfldd"
},
{
"name": "analyzing-active-directory-acl-abuse",
"description": "Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths",
"domain": "cybersecurity",
"subdomain": "identity-security",
"tags": [
"active-directory",
"acl-abuse",
"ldap",
"privilege-escalation"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-active-directory-acl-abuse"
},
{
"name": "analyzing-android-malware-with-apktool",
"description": "Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.",
@@ -492,6 +476,26 @@
"license": "Apache-2.0",
"path": "skills/analyzing-email-headers-for-phishing-investigation"
},
{
"name": "analyzing-ethereum-smart-contract-vulnerabilities",
"description": "Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.",
"domain": "cybersecurity",
"subdomain": "blockchain-security",
"tags": [
"ethereum",
"solidity",
"smart-contract",
"slither",
"mythril",
"blockchain",
"defi",
"audit"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-ethereum-smart-contract-vulnerabilities"
},
{
"name": "analyzing-golang-malware-with-ghidra",
"description": "Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.",
@@ -1026,6 +1030,25 @@
"license": "Apache-2.0",
"path": "skills/analyzing-pdf-malware-with-pdfid"
},
{
"name": "analyzing-persistence-mechanisms-in-linux",
"description": "Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD hijacking, bashrc modifications, and authorized_keys backdoors using auditd and file integrity monitoring",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"linux-persistence",
"crontab",
"systemd",
"ld-preload",
"auditd",
"threat-hunting",
"incident-response"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-persistence-mechanisms-in-linux"
},
{
"name": "analyzing-phishing-email-headers",
"description": "Email headers contain critical metadata that reveals the true origin, routing path, and authentication status of emails. Analyzing these headers is a foundational skill for identifying phishing attemp",
@@ -1137,6 +1160,25 @@
"license": "Apache-2.0",
"path": "skills/analyzing-ransomware-leak-site-intelligence"
},
{
"name": "analyzing-ransomware-network-indicators",
"description": "Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration flows, and encryption key exchange via Zeek conn.log and NetFlow analysis",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"ransomware",
"c2-beaconing",
"zeek",
"netflow",
"tor",
"exfiltration",
"network-forensics"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-ransomware-network-indicators"
},
{
"name": "analyzing-security-logs-with-splunk",
"description": ">",
@@ -3447,6 +3489,45 @@
"license": "Apache-2.0",
"path": "skills/detecting-aws-guardduty-findings-automation"
},
{
"name": "detecting-aws-iam-privilege-escalation",
"description": "Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"aws",
"iam",
"privilege-escalation",
"cloudsplaining",
"boto3",
"policy-analysis",
"least-privilege"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-aws-iam-privilege-escalation"
},
{
"name": "detecting-azure-lateral-movement",
"description": "Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"azure",
"entra-id",
"lateral-movement",
"sentinel",
"kql",
"graph-api",
"cloud-security",
"threat-hunting"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-azure-lateral-movement"
},
{
"name": "detecting-azure-service-principal-abuse",
"description": "Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.",
@@ -3854,22 +3935,6 @@
"license": "Apache-2.0",
"path": "skills/detecting-evasion-techniques-in-endpoint-logs"
},
{
"name": "detecting-exfiltration-over-dns-with-zeek",
"description": "Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns",
"domain": "cybersecurity",
"subdomain": "network-security",
"tags": [
"dns-exfiltration",
"zeek",
"entropy-analysis",
"threat-hunting"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-exfiltration-over-dns-with-zeek"
},
{
"name": "detecting-fileless-attacks-on-endpoints",
"description": ">",
@@ -4073,6 +4138,25 @@
"license": "Apache-2.0",
"path": "skills/detecting-living-off-the-land-attacks"
},
{
"name": "detecting-living-off-the-land-with-lolbas",
"description": "Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32 via process telemetry, Sigma rules, and parent-child process analysis",
"domain": "cybersecurity",
"subdomain": "threat-detection",
"tags": [
"lolbas",
"lolbins",
"sigma-rules",
"process-monitoring",
"sysmon",
"endpoint-detection",
"threat-hunting"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-living-off-the-land-with-lolbas"
},
{
"name": "detecting-malicious-scheduled-tasks-with-sysmon",
"description": ">",
@@ -5734,6 +5818,25 @@
"license": "Apache-2.0",
"path": "skills/hunting-for-data-exfiltration-indicators"
},
{
"name": "hunting-for-data-staging-before-exfiltration",
"description": "Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"data-staging",
"exfiltration",
"t1074",
"archive-detection",
"edr",
"threat-hunting",
"dlp"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-data-staging-before-exfiltration"
},
{
"name": "hunting-for-dcsync-attacks",
"description": "Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.",
@@ -5770,6 +5873,25 @@
"license": "Apache-2.0",
"path": "skills/hunting-for-defense-evasion-via-timestomping"
},
{
"name": "hunting-for-dns-based-persistence",
"description": "Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"dns",
"persistence",
"threat-hunting",
"passive-dns",
"dns-hijacking",
"subdomain-takeover",
"securitytrails"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-dns-based-persistence"
},
{
"name": "hunting-for-dns-tunneling-with-zeek",
"description": "Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.",
@@ -5933,6 +6055,25 @@
"license": "Apache-2.0",
"path": "skills/hunting-for-persistence-via-wmi-subscriptions"
},
{
"name": "hunting-for-process-injection-techniques",
"description": "Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"process-injection",
"t1055",
"sysmon",
"createremotethread",
"dll-injection",
"edr",
"threat-hunting"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-process-injection-techniques"
},
{
"name": "hunting-for-registry-persistence-mechanisms",
"description": "Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.",
@@ -7178,6 +7319,25 @@
"license": "Apache-2.0",
"path": "skills/implementing-epss-score-for-vulnerability-prioritization"
},
{
"name": "implementing-file-integrity-monitoring-with-aide",
"description": "Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, scheduled integrity checks, change detection, and alerting",
"domain": "cybersecurity",
"subdomain": "endpoint-security",
"tags": [
"aide",
"file-integrity",
"hids",
"baseline",
"intrusion-detection",
"compliance",
"linux-security"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-file-integrity-monitoring-with-aide"
},
{
"name": "implementing-fuzz-testing-in-cicd-with-aflplusplus",
"description": "Integrate AFL++ coverage-guided fuzz testing into CI/CD pipelines to discover memory corruption, input handling, and logic vulnerabilities in C/C++ and compiled applications.",
@@ -7597,6 +7757,25 @@
"license": "Apache-2.0",
"path": "skills/implementing-kubernetes-pod-security-standards"
},
{
"name": "implementing-log-forwarding-with-fluentd",
"description": "Configure Fluentd and Fluent Bit for centralized log aggregation, routing, filtering, and enrichment across distributed infrastructure",
"domain": "cybersecurity",
"subdomain": "security-operations",
"tags": [
"fluentd",
"fluent-bit",
"log-aggregation",
"log-forwarding",
"siem",
"centralized-logging",
"observability"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-log-forwarding-with-fluentd"
},
{
"name": "implementing-log-integrity-with-blockchain",
"description": ">-",
@@ -8352,6 +8531,26 @@
"license": "Apache-2.0",
"path": "skills/implementing-rsa-key-pair-management"
},
{
"name": "implementing-runtime-application-self-protection",
"description": "Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application runtime, covering OpenRASP integration, attack pattern detection, and security policy configuration for Java and Python web applications.",
"domain": "cybersecurity",
"subdomain": "application-security",
"tags": [
"rasp",
"application-security",
"openrasp",
"runtime-protection",
"sqli",
"xss",
"rce",
"devsecops"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-runtime-application-self-protection"
},
{
"name": "implementing-runtime-security-with-tetragon",
"description": "Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon for kernel-level threat detection and policy enforcement.",
@@ -8446,22 +8645,6 @@
"license": "Apache-2.0",
"path": "skills/implementing-secrets-management-with-vault"
},
{
"name": "implementing-secrets-scanning-in-ci-cd",
"description": "Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment",
"domain": "cybersecurity",
"subdomain": "devsecops",
"tags": [
"secrets-scanning",
"gitleaks",
"trufflehog",
"ci-cd"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-secrets-scanning-in-ci-cd"
},
{
"name": "implementing-security-chaos-engineering",
"description": ">",
@@ -8596,22 +8779,6 @@
"license": "Apache-2.0",
"path": "skills/implementing-soar-automation-with-phantom"
},
{
"name": "implementing-soar-playbook-for-phishing",
"description": "Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger playbooks",
"domain": "cybersecurity",
"subdomain": "security-operations",
"tags": [
"soar",
"splunk-phantom",
"phishing",
"incident-response"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-soar-playbook-for-phishing"
},
{
"name": "implementing-soar-playbook-with-palo-alto-xsoar",
"description": "Implement automated incident response playbooks in Cortex XSOAR to orchestrate security workflows across SOC tools and reduce manual response time.",
@@ -9708,22 +9875,6 @@
"license": "Apache-2.0",
"path": "skills/performing-blind-ssrf-exploitation"
},
{
"name": "performing-bluetooth-security-assessment",
"description": "Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities",
"domain": "cybersecurity",
"subdomain": "wireless-security",
"tags": [
"bluetooth",
"ble",
"gatt",
"wireless-security"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-bluetooth-security-assessment"
},
{
"name": "performing-brand-monitoring-for-impersonation",
"description": "Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect phishing campaigns, fake sites, and unauthorized brand usage targeting your organization.",
@@ -9947,6 +10098,26 @@
"license": "Apache-2.0",
"path": "skills/performing-container-image-hardening"
},
{
"name": "performing-container-security-scanning-with-trivy",
"description": "Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.",
"domain": "cybersecurity",
"subdomain": "container-security",
"tags": [
"trivy",
"container-security",
"vulnerability-scanning",
"sbom",
"docker",
"kubernetes",
"devsecops",
"supply-chain"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-container-security-scanning-with-trivy"
},
{
"name": "performing-content-security-policy-bypass",
"description": "Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations, JSONP endpoints, unsafe directives, and policy injection techniques.",
@@ -10365,6 +10536,24 @@
"license": "Apache-2.0",
"path": "skills/performing-fuzzing-with-aflplusplus"
},
{
"name": "performing-gcp-penetration-testing-with-gcpbucketbrute",
"description": "Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation path analysis, and service account permission auditing",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"gcp",
"cloud-pentesting",
"bucket-enumeration",
"iam-audit",
"privilege-escalation",
"gcpbucketbrute"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-gcp-penetration-testing-with-gcpbucketbrute"
},
{
"name": "performing-gcp-security-assessment-with-forseti",
"description": ">",
@@ -11008,6 +11197,25 @@
"license": "Apache-2.0",
"path": "skills/performing-network-packet-capture-analysis"
},
{
"name": "performing-network-traffic-analysis-with-tshark",
"description": "Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files",
"domain": "cybersecurity",
"subdomain": "network-security",
"tags": [
"tshark",
"pyshark",
"pcap",
"packet-analysis",
"network-forensics",
"wireshark",
"traffic-analysis"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-network-traffic-analysis-with-tshark"
},
{
"name": "performing-network-traffic-analysis-with-zeek",
"description": "Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection, anomaly identification, and forensic investigation.",