creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: add 5 cybersecurity skills - CloudTrail anomalies, SSL/TLS assessment, Wazuh detection, Prefetch analysis, WMI lateral movement

Browse Source
This commit is contained in:
mukul975
2026-03-11 00:44:42 +01:00
parent 1ba371d7f7
commit 724fda0883
20 changed files with 1593 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/analyzing-windows-prefetch-with-python/references/api-reference.md
+60
View File
@@ -0,0 +1,60 @@
# API Reference: Analyzing Windows Prefetch with Python
## windowsprefetch Library
```python
import windowsprefetch
pf = windowsprefetch.Prefetch("CMD.EXE-1234ABCD.pf")
print(pf.executableName) # CMD.EXE
print(pf.runCount) # 42
print(pf.lastRunTime) # 2025-01-15 10:30:22
print(pf.timestamps) # List of up to 8 execution times
print(pf.resources) # List of loaded files/DLLs
print(pf.volumes) # Volume info (name, serial, creation)
```
Install: `pip install windowsprefetch`
## Prefetch File Versions
| Version | Windows | Max Timestamps |
|---------|---------|----------------|
| 17 | XP/2003 | 1 |
| 23 | Vista/7 | 1 |
| 26 | 8/8.1 | 8 |
| 30 | 10/11 | 8 (compressed) |
## File Naming Convention
Format: `EXECUTABLE-XXXXXXXX.pf`
- EXECUTABLE: uppercase executable name
- XXXXXXXX: hash of file path (allows multiple entries per executable)
## Suspicious Executables to Flag
| Category | Examples |
|----------|---------|
| Credential tools | mimikatz, rubeus, lazagne, secretsdump |
| Lateral movement | psexec, psexesvc, wmiexec |
| C2 agents | beacon, meterpreter, covenant, empire |
| LOLBins | certutil, mshta, regsvr32, rundll32, bitsadmin |
| Recon | sharphound, bloodhound, nmap |
## Prefetch Directory Location
```
C:\Windows\Prefetch\
```
Requires admin privileges to read. Enable via:
```
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters"
```
## References
- windowsprefetch PyPI: https://pypi.org/project/windowsprefetch/
- Windows Prefetch Parser: https://github.com/PoorBillionaire/Windows-Prefetch-Parser
- libscca/pyscca: https://github.com/libyal/libscca
- SANS Prefetch Analysis: https://www.sans.org/blog/a-prescription-for-windows-prefetch-analysis