chore: auto-update index.json

mukul975
2026-03-10 23:47:17 +00:00
parent 4d6d585285
commit 7135f0cfe3
+209 -17
@@ -1,19 +1,19 @@
{ {
"version": "1.0.0", "version": "1.0.0",
"generated_at": "2026-03-10T23:44:50Z", "generated_at": "2026-03-10T23:47:16Z",
"repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills", "repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
"total_skills": 683, "total_skills": 693,
"total_domains": 1, "total_domains": 1,
"total_subdomains": 29, "total_subdomains": 30,
"domain_stats": { "domain_stats": {
"cybersecurity": 683 "cybersecurity": 693
}, },
"subdomain_stats": { "subdomain_stats": {
"digital-forensics": 36, "digital-forensics": 36,
"malware-analysis": 38,
"security-operations": 34, "security-operations": 34,
"threat-intelligence": 48, "threat-intelligence": 48,
"malware-analysis": 37, "cloud-security": 56,
"cloud-security": 53,
"soc-operations": 33, "soc-operations": 33,
"mobile-security": 12, "mobile-security": 12,
"container-security": 29, "container-security": 29,
@@ -24,20 +24,21 @@
"devsecops": 16, "devsecops": 16,
"identity-access-management": 34, "identity-access-management": 34,
"vulnerability-management": 25, "vulnerability-management": 25,
"threat-hunting": 43, "threat-hunting": 45,
"web-application-security": 42, "web-application-security": 42,
"penetration-testing": 23, "penetration-testing": 23,
"zero-trust-architecture": 13, "zero-trust-architecture": 13,
"cryptography": 13, "cryptography": 14,
"endpoint-security": 16, "endpoint-security": 16,
"ot-ics-security": 28, "ot-ics-security": 28,
"api-security": 28, "api-security": 28,
"threat-detection": 4, "threat-detection": 4,
"ransomware-defense": 5, "ransomware-defense": 5,
"deception-technology": 2,
"application-security": 2, "application-security": 2,
"compliance-governance": 5, "compliance-governance": 5,
"deception-technology": 1, "identity-and-access-management": 1,
"red-team": 1 "red-team": 2
}, },
"top_tags": [ "top_tags": [
{ {
@@ -46,7 +47,7 @@
}, },
{ {
"tag": "threat-hunting", "tag": "threat-hunting",
"count": 52 "count": 54
}, },
{ {
"tag": "penetration-testing", "tag": "penetration-testing",
@@ -58,7 +59,7 @@
}, },
{ {
"tag": "cloud-security", "tag": "cloud-security",
"count": 39 "count": 41
}, },
{ {
"tag": "owasp", "tag": "owasp",
@@ -96,6 +97,10 @@
"tag": "ics", "tag": "ics",
"count": 28 "count": 28
}, },
{
"tag": "red-team",
"count": 25
},
{ {
"tag": "proactive-detection", "tag": "proactive-detection",
"count": 25 "count": 25
@@ -113,11 +118,7 @@
"count": 24 "count": 24
}, },
{ {
"tag": "red-team", "tag": "zero-trust",
"count": 24
},
{
"tag": "scada",
"count": 23 "count": 23
} }
], ],
@@ -140,6 +141,26 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/acquiring-disk-image-with-dd-and-dcfldd" "path": "skills/acquiring-disk-image-with-dd-and-dcfldd"
}, },
{
"name": "analyzing-android-malware-with-apktool",
"description": "Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.",
"domain": "cybersecurity",
"subdomain": "malware-analysis",
"tags": [
"Android",
"APK",
"apktool",
"jadx",
"androguard",
"mobile-malware",
"static-analysis",
"reverse-engineering"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-android-malware-with-apktool"
},
{ {
"name": "analyzing-api-gateway-access-logs", "name": "analyzing-api-gateway-access-logs",
"description": ">", "description": ">",
@@ -862,6 +883,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/analyzing-network-traffic-with-wireshark" "path": "skills/analyzing-network-traffic-with-wireshark"
}, },
{
"name": "analyzing-office365-audit-logs-for-compromise",
"description": "Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation, suspicious OAuth app grants, and other indicators of account compromise.",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"Office365",
"Microsoft-Graph",
"audit-logs",
"email-compromise",
"inbox-rules",
"OAuth",
"BEC"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-office365-audit-logs-for-compromise"
},
{ {
"name": "analyzing-outlook-pst-for-email-forensics", "name": "analyzing-outlook-pst-for-email-forensics",
"description": "Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.", "description": "Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments, deleted items, and metadata using libpff, pst-utils, and forensic email analysis tools for legal investigations and incident response.",
@@ -4273,6 +4313,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-shadow-api-endpoints" "path": "skills/detecting-shadow-api-endpoints"
}, },
{
"name": "detecting-shadow-it-cloud-usage",
"description": "Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"shadow-IT",
"SaaS-discovery",
"proxy-logs",
"DNS-analysis",
"netflow",
"cloud-security",
"pandas"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-shadow-it-cloud-usage"
},
{ {
"name": "detecting-spearphishing-with-email-gateway", "name": "detecting-spearphishing-with-email-gateway",
"description": "Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,", "description": "Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,",
@@ -4344,6 +4403,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-supply-chain-attacks-in-ci-cd" "path": "skills/detecting-supply-chain-attacks-in-ci-cd"
}, },
{
"name": "detecting-suspicious-oauth-application-consent",
"description": "Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.",
"domain": "cybersecurity",
"subdomain": "cloud-security",
"tags": [
"OAuth",
"Azure-AD",
"Entra-ID",
"Microsoft-Graph",
"illicit-consent",
"cloud-security",
"application-permissions"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-suspicious-oauth-application-consent"
},
{ {
"name": "detecting-suspicious-powershell-execution", "name": "detecting-suspicious-powershell-execution",
"description": "Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.", "description": "Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.",
@@ -5708,6 +5786,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/hunting-for-spearphishing-indicators" "path": "skills/hunting-for-spearphishing-indicators"
}, },
{
"name": "hunting-for-startup-folder-persistence",
"description": "Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation, analyzing autoruns entries, and using Python watchdog for real-time filesystem monitoring.",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"threat-hunting",
"T1547.001",
"startup-folder",
"persistence",
"autoruns",
"watchdog",
"filesystem-monitoring"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-startup-folder-persistence"
},
{ {
"name": "hunting-for-supply-chain-compromise", "name": "hunting-for-supply-chain-compromise",
"description": "Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies, unauthorized code modifications, and tampered build artifacts.", "description": "Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies, unauthorized code modifications, and tampered build artifacts.",
@@ -5780,6 +5877,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/hunting-for-unusual-network-connections" "path": "skills/hunting-for-unusual-network-connections"
}, },
{
"name": "hunting-for-unusual-service-installations",
"description": "Detect suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event ID 7045, analyzing service binary paths, and identifying indicators of persistence mechanisms.",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"threat-hunting",
"T1543.003",
"service-installation",
"persistence",
"Event-7045",
"Sysmon",
"Windows-services"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-unusual-service-installations"
},
{ {
"name": "hunting-for-webshell-activity", "name": "hunting-for-webshell-activity",
"description": "Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning from web servers, and anomalous HTTP patterns.", "description": "Hunt for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning from web servers, and anomalous HTTP patterns.",
@@ -6530,6 +6646,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/implementing-ddos-mitigation-with-cloudflare" "path": "skills/implementing-ddos-mitigation-with-cloudflare"
}, },
{
"name": "implementing-deception-based-detection-with-canarytoken",
"description": "Deploy and monitor Canary Tokens via the Thinkst Canary API for deception-based breach detection using web bug tokens, DNS tokens, document tokens, and AWS key tokens.",
"domain": "cybersecurity",
"subdomain": "deception-technology",
"tags": [
"canarytoken",
"deception",
"honeytokens",
"breach-detection",
"Thinkst-Canary",
"tripwire",
"early-warning"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-deception-based-detection-with-canarytoken"
},
{ {
"name": "implementing-delinea-secret-server-for-pam", "name": "implementing-delinea-secret-server-for-pam",
"description": ">", "description": ">",
@@ -7776,6 +7911,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/implementing-privileged-access-management-with-cyberark" "path": "skills/implementing-privileged-access-management-with-cyberark"
}, },
{
"name": "implementing-privileged-access-workstation",
"description": "Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.",
"domain": "cybersecurity",
"subdomain": "identity-and-access-management",
"tags": [
"privileged-access",
"PAW",
"zero-trust",
"device-hardening",
"CyberArk",
"BeyondTrust",
"just-in-time-access"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-privileged-access-workstation"
},
{ {
"name": "implementing-privileged-session-monitoring", "name": "implementing-privileged-session-monitoring",
"description": ">", "description": ">",
@@ -8823,6 +8977,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/performing-active-directory-compromise-investigation" "path": "skills/performing-active-directory-compromise-investigation"
}, },
{
"name": "performing-active-directory-forest-trust-attack",
"description": "Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment.",
"domain": "cybersecurity",
"subdomain": "red-team",
"tags": [
"active-directory",
"forest-trust",
"impacket",
"SID-filtering",
"kerberos",
"red-team",
"trust-enumeration"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-active-directory-forest-trust-attack"
},
{ {
"name": "performing-active-directory-penetration-test", "name": "performing-active-directory-penetration-test",
"description": "Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.", "description": "Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.",
@@ -9893,6 +10066,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/performing-graphql-security-assessment" "path": "skills/performing-graphql-security-assessment"
}, },
{
"name": "performing-hardware-security-module-integration",
"description": "Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing operations, and secure key storage with python-pkcs11, AWS CloudHSM, and YubiHSM2.",
"domain": "cybersecurity",
"subdomain": "cryptography",
"tags": [
"HSM",
"PKCS11",
"CloudHSM",
"YubiHSM2",
"key-management",
"cryptographic-operations",
"hardware-security"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-hardware-security-module-integration"
},
{ {
"name": "performing-hash-cracking-with-hashcat", "name": "performing-hash-cracking-with-hashcat",
"description": "Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w", "description": "Hash cracking is an essential skill for penetration testers and security auditors to evaluate password strength. Hashcat is the world's fastest password recovery tool, supporting over 300 hash types w",