From 90d93af81438db262ff0fb6c7a0d9679deed5738 Mon Sep 17 00:00:00 2001 
From: mukul975
Date: Wed, 11 Mar 2026 00:26:05 +0100
Subject: [PATCH] Fix SKILL.md frontmatter: add missing domain/subdomain/tags/version/author/license fields, fix name=None entries — all 649 skills now pass CI validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 skills/analyzing-api-gateway-access-logs/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../analyzing-campaign-attribution-evidence/SKILL.md | 2 +-
 .../analyzing-cloud-storage-access-patterns/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 skills/analyzing-kubernetes-audit-logs/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../analyzing-network-flow-data-with-netflow/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 skills/analyzing-threat-landscape-with-misp/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../analyzing-web-server-logs-for-intrusion/SKILL.md | 6 ++++++
 skills/auditing-kubernetes-rbac-permissions/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 skills/building-threat-intelligence-platform/SKILL.md | 2 +-
 .../collecting-threat-intelligence-with-misp/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 skills/configuring-ldap-security-hardening/SKILL.md | 2 +-
 .../SKILL.md | 11 +++++++++++
 .../SKILL.md | 2 +-
 skills/configuring-oauth2-authorization-flow/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 skills/deploying-software-defined-perimeter/SKILL.md | 11 +++++++++++
 .../detecting-beaconing-patterns-with-zeek/SKILL.md | 6 ++++++
 skills/detecting-container-escape-attempts/SKILL.md | 2 +-
 skills/detecting-golden-ticket-attacks/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 skills/detecting-sql-injection-via-waf-logs/SKILL.md | 6 ++++++
 .../detecting-supply-chain-attacks-in-ci-cd/SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../extracting-memory-artifacts-with-rekall/SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 skills/hunting-credential-stuffing-attacks/SKILL.md | 6 ++++++
 skills/hunting-for-webshells-in-web-servers/SKILL.md | 6 ++++++
 skills/hunting-living-off-the-land-binaries/SKILL.md | 6 ++++++
 .../implementing-cloud-workload-protection/SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 skills/implementing-diamond-model-analysis/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 11 +++++++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 skills/implementing-pam-for-database-access/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../implementing-patch-management-workflow/SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../implementing-rbac-for-kubernetes-cluster/SKILL.md | 2 +-
 skills/implementing-saml-sso-with-okta/SKILL.md | 2 +-
 .../implementing-security-chaos-engineering/SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../implementing-stix-taxii-feed-integration/SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 11 +++++++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 skills/performing-container-escape-detection/SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 skills/performing-dns-tunneling-detection/SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 skills/performing-malware-ioc-extraction/SKILL.md | 2 +-
 .../performing-privileged-account-discovery/SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 skills/performing-service-account-audit/SKILL.md | 2 +-
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 6 ++++++
 .../SKILL.md | 2 +-
 .../SKILL.md | 2 +-
 skills/scanning-docker-images-with-trivy/SKILL.md | 2 +-
 skills/scanning-infrastructure-with-nessus/SKILL.md | 2 +-
 .../securing-container-registry-with-harbor/SKILL.md | 2 +-
 skills/tracking-threat-actor-infrastructure/SKILL.md | 2 +-
 85 files changed, 310 insertions(+), 44 deletions(-)
diff --git a/skills/analyzing-api-gateway-access-logs/SKILL.md b/skills/analyzing-api-gateway-access-logs/SKILL.md index 3ce93345..c2f5611d 100644 --- a/skills/analyzing-api-gateway-access-logs/SKILL.md +++ b/skills/analyzing-api-gateway-access-logs/SKILL.md @@ -5,6 +5,12 @@ description: > attacks, rate limit bypass, credential scanning, and injection attempts. Uses pandas for statistical analysis of request patterns and anomaly detection. Use when investigating API abuse or building API-specific threat detection rules. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, api, gateway, access] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing API Gateway Access Logs diff --git a/skills/analyzing-azure-activity-logs-for-threats/SKILL.md b/skills/analyzing-azure-activity-logs-for-threats/SKILL.md index b31ad4b0..6dfc1e39 100644 --- a/skills/analyzing-azure-activity-logs-for-threats/SKILL.md +++ b/skills/analyzing-azure-activity-logs-for-threats/SKILL.md @@ -5,6 +5,12 @@ description: > detect suspicious administrative operations, impossible travel, privilege escalation, and resource modifications. Builds KQL queries for threat hunting in Azure environments. Use when investigating suspicious Azure tenant activity or building cloud SIEM detections. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, azure, activity, logs] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing Azure Activity Logs for Threats diff --git a/skills/analyzing-campaign-attribution-evidence/SKILL.md b/skills/analyzing-campaign-attribution-evidence/SKILL.md index 721843b6..dfd6dfe3 100644 --- a/skills/analyzing-campaign-attribution-evidence/SKILL.md +++ b/skills/analyzing-campaign-attribution-evidence/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: analyzing-campaign-attribution-evidence description: Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/analyzing-cloud-storage-access-patterns/SKILL.md b/skills/analyzing-cloud-storage-access-patterns/SKILL.md index e598fe32..1ee3d10b 100644 --- a/skills/analyzing-cloud-storage-access-patterns/SKILL.md +++ b/skills/analyzing-cloud-storage-access-patterns/SKILL.md @@ -5,6 +5,12 @@ description: >- Data Events, GCS audit logs, and Azure Storage Analytics. Identifies after-hours bulk downloads, access from new IP addresses, unusual API calls (GetObject spikes), and potential data exfiltration using statistical baselines and time-series anomaly detection. +domain: cybersecurity +subdomain: cloud-security +tags: [analyzing, cloud, storage, access] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/analyzing-cobalt-strike-malleable-profiles/SKILL.md b/skills/analyzing-cobalt-strike-malleable-profiles/SKILL.md index aabc8bc5..d1f79fa5 100644 --- a/skills/analyzing-cobalt-strike-malleable-profiles/SKILL.md +++ b/skills/analyzing-cobalt-strike-malleable-profiles/SKILL.md @@ -5,6 +5,12 @@ description: > configuration, HTTP communication patterns, and sleep/jitter settings. Combines with JARM TLS fingerprinting to detect C2 servers on the network. Use when investigating suspected Cobalt Strike infrastructure or building detection signatures for C2 traffic. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, cobalt, strike, malleable] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing Cobalt Strike Malleable Profiles 
diff --git a/skills/analyzing-kubernetes-audit-logs/SKILL.md b/skills/analyzing-kubernetes-audit-logs/SKILL.md index 23808e4c..65654326 100644 --- a/skills/analyzing-kubernetes-audit-logs/SKILL.md +++ b/skills/analyzing-kubernetes-audit-logs/SKILL.md @@ -5,6 +5,12 @@ description: > access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules. +domain: cybersecurity +subdomain: container-security +tags: [analyzing, kubernetes, audit, logs] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing Kubernetes Audit Logs diff --git a/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md b/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md index 0dbea8b4..83a25a7b 100644 --- a/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md +++ b/skills/analyzing-memory-forensics-with-lime-and-volatility/SKILL.md @@ -5,6 +5,12 @@ description: > and analysis with Volatility 3 framework. Extracts process lists, network connections, bash history, loaded kernel modules, and injected code from Linux memory images. Use when performing incident response on compromised Linux systems. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, memory, forensics, with] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing Memory Forensics with LiME and Volatility diff --git a/skills/analyzing-network-flow-data-with-netflow/SKILL.md b/skills/analyzing-network-flow-data-with-netflow/SKILL.md index 9fd2b29e..98da5032 100644 --- a/skills/analyzing-network-flow-data-with-netflow/SKILL.md +++ b/skills/analyzing-network-flow-data-with-netflow/SKILL.md 
@@ -5,6 +5,12 @@ description: >- exfiltration, and C2 beaconing patterns. Uses the Python netflow library to decode flow records, builds traffic baselines, and applies statistical analysis to identify flows with abnormal byte counts, connection durations, and periodic timing patterns. +domain: cybersecurity +subdomain: network-security +tags: [analyzing, network, flow, data] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/analyzing-powershell-script-block-logging/SKILL.md b/skills/analyzing-powershell-script-block-logging/SKILL.md index 81722676..9edc4882 100644 --- a/skills/analyzing-powershell-script-block-logging/SKILL.md +++ b/skills/analyzing-powershell-script-block-logging/SKILL.md @@ -5,6 +5,12 @@ description: >- commands, encoded payloads, and living-off-the-land techniques. Uses python-evtx to extract and reconstruct multi-block scripts, applies entropy analysis and pattern matching for Base64-encoded commands, Invoke-Expression abuse, download cradles, and AMSI bypass attempts. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, powershell, script, block] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/analyzing-threat-actor-ttps-with-mitre-attack/SKILL.md b/skills/analyzing-threat-actor-ttps-with-mitre-attack/SKILL.md index eb75895a..abfd25d6 100644 --- a/skills/analyzing-threat-actor-ttps-with-mitre-attack/SKILL.md +++ b/skills/analyzing-threat-actor-ttps-with-mitre-attack/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: analyzing-threat-actor-ttps-with-mitre-attack description: MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh domain: cybersecurity subdomain: threat-intelligence 
diff --git a/skills/analyzing-threat-landscape-with-misp/SKILL.md b/skills/analyzing-threat-landscape-with-misp/SKILL.md index 9aecc2a4..ddf4c684 100644 --- a/skills/analyzing-threat-landscape-with-misp/SKILL.md +++ b/skills/analyzing-threat-landscape-with-misp/SKILL.md @@ -6,6 +6,12 @@ description: >- clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends. +domain: cybersecurity +subdomain: threat-intelligence +tags: [analyzing, threat, landscape, with] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/analyzing-tls-certificate-transparency-logs/SKILL.md b/skills/analyzing-tls-certificate-transparency-logs/SKILL.md index 8e3ac53c..d8bf25c1 100644 --- a/skills/analyzing-tls-certificate-transparency-logs/SKILL.md +++ b/skills/analyzing-tls-certificate-transparency-logs/SKILL.md @@ -5,6 +5,12 @@ description: > domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, tls, certificate, transparency] +version: "1.0" +author: mahipal +license: MIT --- # Analyzing TLS Certificate Transparency Logs diff --git a/skills/analyzing-web-server-logs-for-intrusion/SKILL.md b/skills/analyzing-web-server-logs-for-intrusion/SKILL.md index d93f3ad1..eb74ed47 100644 --- a/skills/analyzing-web-server-logs-for-intrusion/SKILL.md +++ b/skills/analyzing-web-server-logs-for-intrusion/SKILL.md 
@@ -5,6 +5,12 @@ description: >- directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers. +domain: cybersecurity +subdomain: security-operations +tags: [analyzing, web, server, logs] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/auditing-kubernetes-rbac-permissions/SKILL.md b/skills/auditing-kubernetes-rbac-permissions/SKILL.md index c2031753..39c429f1 100644 --- a/skills/auditing-kubernetes-rbac-permissions/SKILL.md +++ b/skills/auditing-kubernetes-rbac-permissions/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: auditing-kubernetes-rbac-permissions description: Kubernetes Role-Based Access Control (RBAC) auditing systematically reviews roles, cluster roles, bindings, and service account permissions to identify overly permissive access, privilege escalation p domain: cybersecurity subdomain: container-security diff --git a/skills/building-ioc-enrichment-pipeline-with-opencti/SKILL.md b/skills/building-ioc-enrichment-pipeline-with-opencti/SKILL.md index cb0cc210..9dd35caf 100644 --- a/skills/building-ioc-enrichment-pipeline-with-opencti/SKILL.md +++ b/skills/building-ioc-enrichment-pipeline-with-opencti/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: building-ioc-enrichment-pipeline-with-opencti description: OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/building-threat-intelligence-platform/SKILL.md b/skills/building-threat-intelligence-platform/SKILL.md index 795ef83f..06f96214 100644 --- a/skills/building-threat-intelligence-platform/SKILL.md 
+++ b/skills/building-threat-intelligence-platform/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: building-threat-intelligence-platform description: Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/collecting-threat-intelligence-with-misp/SKILL.md b/skills/collecting-threat-intelligence-with-misp/SKILL.md index 5c35ac82..c7cafab2 100644 --- a/skills/collecting-threat-intelligence-with-misp/SKILL.md +++ b/skills/collecting-threat-intelligence-with-misp/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: collecting-threat-intelligence-with-misp description: MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/configuring-active-directory-tiered-model/SKILL.md b/skills/configuring-active-directory-tiered-model/SKILL.md index 42ff7629..251f66ad 100644 --- a/skills/configuring-active-directory-tiered-model/SKILL.md +++ b/skills/configuring-active-directory-tiered-model/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: configuring-active-directory-tiered-model description: Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative f domain: cybersecurity subdomain: identity-access-management diff --git a/skills/configuring-ldap-security-hardening/SKILL.md b/skills/configuring-ldap-security-hardening/SKILL.md index bb293479..80b3a613 100644 --- a/skills/configuring-ldap-security-hardening/SKILL.md +++ b/skills/configuring-ldap-security-hardening/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: configuring-ldap-security-hardening description: Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. Covers LDAPS enforcement, channel binding, LDAP si domain: cybersecurity subdomain: identity-access-management diff --git a/skills/configuring-microsegmentation-for-zero-trust/SKILL.md b/skills/configuring-microsegmentation-for-zero-trust/SKILL.md index 09228e56..27b06a51 100644 --- a/skills/configuring-microsegmentation-for-zero-trust/SKILL.md +++ b/skills/configuring-microsegmentation-for-zero-trust/SKILL.md @@ -1,3 +1,14 @@ +--- +name: configuring-microsegmentation-for-zero-trust +description: Configuring Microsegmentation For Zero Trust +domain: cybersecurity +subdomain: security-operations +tags: [cybersecurity] +version: "1.0" +author: mahipal +license: MIT +--- + # Configuring Microsegmentation for Zero Trust --- diff --git a/skills/configuring-multi-factor-authentication-with-duo/SKILL.md b/skills/configuring-multi-factor-authentication-with-duo/SKILL.md index 7c5b98f7..0d4dce73 100644 --- a/skills/configuring-multi-factor-authentication-with-duo/SKILL.md +++ b/skills/configuring-multi-factor-authentication-with-duo/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: configuring-multi-factor-authentication-with-duo description: Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust domain: cybersecurity subdomain: identity-access-management diff --git a/skills/configuring-oauth2-authorization-flow/SKILL.md b/skills/configuring-oauth2-authorization-flow/SKILL.md index c1a2153d..5fb3f585 100644 --- a/skills/configuring-oauth2-authorization-flow/SKILL.md +++ b/skills/configuring-oauth2-authorization-flow/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: configuring-oauth2-authorization-flow description: Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token domain: cybersecurity subdomain: identity-access-management diff --git a/skills/configuring-tls-1-3-for-secure-communications/SKILL.md b/skills/configuring-tls-1-3-for-secure-communications/SKILL.md index 61afb85e..fa248e0e 100644 --- a/skills/configuring-tls-1-3-for-secure-communications/SKILL.md +++ b/skills/configuring-tls-1-3-for-secure-communications/SKILL.md @@ -1,5 +1,5 @@ --- -name: configuring-tls-1.3-for-secure-communications +name: configuring-tls-1-3-for-secure-communications description: TLS 1.3 (RFC 8446) is the latest version of the Transport Layer Security protocol, providing significant improvements over TLS 1.2 in both security and performance. It reduces handshake latency to 1-R domain: cybersecurity subdomain: cryptography diff --git a/skills/deploying-software-defined-perimeter/SKILL.md b/skills/deploying-software-defined-perimeter/SKILL.md index 0bd7fe27..ff22a5e4 100644 --- a/skills/deploying-software-defined-perimeter/SKILL.md +++ b/skills/deploying-software-defined-perimeter/SKILL.md @@ -1,3 +1,14 @@ +--- +name: deploying-software-defined-perimeter +description: Deploying Software Defined Perimeter +domain: cybersecurity +subdomain: security-operations +tags: [cybersecurity] +version: "1.0" +author: mahipal +license: MIT +--- + # Deploying Software-Defined Perimeter --- diff --git a/skills/detecting-beaconing-patterns-with-zeek/SKILL.md b/skills/detecting-beaconing-patterns-with-zeek/SKILL.md index 7945520d..9d048440 100644 --- a/skills/detecting-beaconing-patterns-with-zeek/SKILL.md +++ b/skills/detecting-beaconing-patterns-with-zeek/SKILL.md 
@@ -5,6 +5,12 @@ description: > beaconing patterns. Uses the ZAT library to load Zeek logs into Pandas DataFrames, calculates inter-arrival time standard deviation, and flags periodic connections with low jitter. Use when hunting for command-and-control callbacks in network data. +domain: cybersecurity +subdomain: security-operations +tags: [detecting, beaconing, patterns, with] +version: "1.0" +author: mahipal +license: MIT --- # Detecting Beaconing Patterns with Zeek diff --git a/skills/detecting-container-escape-attempts/SKILL.md b/skills/detecting-container-escape-attempts/SKILL.md index 0b557641..211a6b1a 100644 --- a/skills/detecting-container-escape-attempts/SKILL.md +++ b/skills/detecting-container-escape-attempts/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: detecting-container-escape-attempts description: Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host system or other containers. Detection involves monitoring for escape indicators domain: cybersecurity subdomain: container-security diff --git a/skills/detecting-golden-ticket-attacks/SKILL.md b/skills/detecting-golden-ticket-attacks/SKILL.md index 3e753df8..896470e9 100644 --- a/skills/detecting-golden-ticket-attacks/SKILL.md +++ b/skills/detecting-golden-ticket-attacks/SKILL.md @@ -5,6 +5,12 @@ description: >- TGT usage patterns. Parses Event IDs 4624, 4672, and 4768 from EVTX files to identify tickets with abnormal lifetimes, domain SID mismatches, and privilege escalation sequences where non-admin accounts receive admin-level privileges without corresponding group membership changes. +domain: cybersecurity +subdomain: security-operations +tags: [detecting, golden, ticket, attacks] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/detecting-insider-data-exfiltration-via-dlp/SKILL.md b/skills/detecting-insider-data-exfiltration-via-dlp/SKILL.md index 5944112b..abaa5e53 100644 
--- a/skills/detecting-insider-data-exfiltration-via-dlp/SKILL.md +++ b/skills/detecting-insider-data-exfiltration-via-dlp/SKILL.md @@ -5,6 +5,12 @@ description: > patterns, upload volume anomalies, and off-hours activity in endpoint and cloud logs. Uses pandas for behavioral analytics and statistical baselines. Use when investigating insider threats or building user behavior analytics for data loss prevention. +domain: cybersecurity +subdomain: security-operations +tags: [detecting, insider, data, exfiltration] +version: "1.0" +author: mahipal +license: MIT --- # Detecting Insider Data Exfiltration via DLP diff --git a/skills/detecting-sql-injection-via-waf-logs/SKILL.md b/skills/detecting-sql-injection-via-waf-logs/SKILL.md index 2390bb50..fd32d485 100644 --- a/skills/detecting-sql-injection-via-waf-logs/SKILL.md +++ b/skills/detecting-sql-injection-via-waf-logs/SKILL.md @@ -6,6 +6,12 @@ description: >- identify SQLi patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks attack sources, correlates multi-stage injection attempts, and generates incident reports with OWASP classification. +domain: cybersecurity +subdomain: security-operations +tags: [detecting, sql, injection, via] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/detecting-supply-chain-attacks-in-ci-cd/SKILL.md b/skills/detecting-supply-chain-attacks-in-ci-cd/SKILL.md index d32cd618..633ffad7 100644 --- a/skills/detecting-supply-chain-attacks-in-ci-cd/SKILL.md +++ b/skills/detecting-supply-chain-attacks-in-ci-cd/SKILL.md 
@@ -5,6 +5,12 @@ description: > attack vectors including unpinned actions, script injection via expressions, dependency confusion, and secrets exposure. Uses PyGithub and YAML parsing for automated audit. Use when hardening CI/CD pipelines or investigating compromised build systems. +domain: cybersecurity +subdomain: security-operations +tags: [detecting, supply, chain, attacks] +version: "1.0" +author: mahipal +license: MIT --- # Detecting Supply Chain Attacks in CI/CD diff --git a/skills/exploiting-vulnerabilities-with-metasploit-framework/SKILL.md b/skills/exploiting-vulnerabilities-with-metasploit-framework/SKILL.md index ba1d1c61..ee98c60e 100644 --- a/skills/exploiting-vulnerabilities-with-metasploit-framework/SKILL.md +++ b/skills/exploiting-vulnerabilities-with-metasploit-framework/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: exploiting-vulnerabilities-with-metasploit-framework description: The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/extracting-memory-artifacts-with-rekall/SKILL.md b/skills/extracting-memory-artifacts-with-rekall/SKILL.md index a577bcfd..8339eebe 100644 --- a/skills/extracting-memory-artifacts-with-rekall/SKILL.md +++ b/skills/extracting-memory-artifacts-with-rekall/SKILL.md @@ -5,6 +5,12 @@ description: > injected code via VAD anomalies, hidden processes, and rootkit detection. Applies plugins like pslist, psscan, vadinfo, malfind, and dlllist to extract forensic artifacts from Windows memory images. Use during incident response memory analysis. +domain: cybersecurity +subdomain: security-operations +tags: [extracting, memory, artifacts, with] +version: "1.0" +author: mahipal +license: MIT --- # Extracting Memory Artifacts with Rekall 
diff --git a/skills/hardening-docker-containers-for-production/SKILL.md b/skills/hardening-docker-containers-for-production/SKILL.md index 0c0ec04e..8a1318b2 100644 --- a/skills/hardening-docker-containers-for-production/SKILL.md +++ b/skills/hardening-docker-containers-for-production/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: hardening-docker-containers-for-production description: Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas domain: cybersecurity subdomain: container-security diff --git a/skills/hunting-credential-stuffing-attacks/SKILL.md b/skills/hunting-credential-stuffing-attacks/SKILL.md index 794903f3..faecd8e6 100644 --- a/skills/hunting-credential-stuffing-attacks/SKILL.md +++ b/skills/hunting-credential-stuffing-attacks/SKILL.md @@ -5,6 +5,12 @@ description: > anomalies, ASN diversity, password spray patterns, and geographic distribution of failed logins. Uses statistical analysis on Splunk or raw log data. Use when investigating account takeover campaigns or building detection rules for auth abuse. +domain: cybersecurity +subdomain: security-operations +tags: [hunting, credential, stuffing, attacks] +version: "1.0" +author: mahipal +license: MIT --- # Hunting Credential Stuffing Attacks diff --git a/skills/hunting-for-webshells-in-web-servers/SKILL.md b/skills/hunting-for-webshells-in-web-servers/SKILL.md index 2fe9df2f..cfa97912 100644 --- a/skills/hunting-for-webshells-in-web-servers/SKILL.md +++ b/skills/hunting-for-webshells-in-web-servers/SKILL.md 
@@ -6,6 +6,12 @@ description: >- recently modified files in web roots, and anomalous file sizes. Uses Shannon entropy calculation to flag obfuscated payloads and regex pattern matching against known webshell signatures. +domain: cybersecurity +subdomain: security-operations +tags: [hunting, for, webshells, web] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/hunting-living-off-the-land-binaries/SKILL.md b/skills/hunting-living-off-the-land-binaries/SKILL.md index b7148d0b..f85526ad 100644 --- a/skills/hunting-living-off-the-land-binaries/SKILL.md +++ b/skills/hunting-living-off-the-land-binaries/SKILL.md @@ -5,6 +5,12 @@ description: > regsvr32, and rundll32 in Windows event logs and Sysmon telemetry. Builds detection rules by cross-referencing process creation events against the LOLBAS project database. Use when threat hunting for fileless attack techniques or building SIEM detection rules. +domain: cybersecurity +subdomain: security-operations +tags: [hunting, living, off, the] +version: "1.0" +author: mahipal +license: MIT --- # Hunting Living Off The Land Binaries diff --git a/skills/implementing-cloud-workload-protection/SKILL.md b/skills/implementing-cloud-workload-protection/SKILL.md index 5359e1e1..90fe4cd1 100644 --- a/skills/implementing-cloud-workload-protection/SKILL.md +++ b/skills/implementing-cloud-workload-protection/SKILL.md @@ -5,6 +5,12 @@ description: > security monitoring, process anomaly detection, and file integrity checking on EC2/GCE instances. Scans for cryptomining, reverse shells, and unauthorized binaries. Use when building runtime security controls for cloud compute workloads. +domain: cybersecurity +subdomain: cloud-security +tags: [implementing, cloud, workload, protection] +version: "1.0" +author: mahipal +license: MIT --- # Implementing Cloud Workload Protection 
diff --git a/skills/implementing-conditional-access-policies-azure-ad/SKILL.md b/skills/implementing-conditional-access-policies-azure-ad/SKILL.md index 41348418..2a61d361 100644 --- a/skills/implementing-conditional-access-policies-azure-ad/SKILL.md +++ b/skills/implementing-conditional-access-policies-azure-ad/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-conditional-access-policies-azure-ad description: Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named l domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-diamond-model-analysis/SKILL.md b/skills/implementing-diamond-model-analysis/SKILL.md index b9801c5f..c09db39b 100644 --- a/skills/implementing-diamond-model-analysis/SKILL.md +++ b/skills/implementing-diamond-model-analysis/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-diamond-model-analysis description: The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features: Adversary, Capability, Infrastructure, and Victim. This skill co domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/implementing-dmarc-dkim-spf-email-security/SKILL.md b/skills/implementing-dmarc-dkim-spf-email-security/SKILL.md index f0213620..865ee2aa 100644 --- a/skills/implementing-dmarc-dkim-spf-email-security/SKILL.md +++ b/skills/implementing-dmarc-dkim-spf-email-security/SKILL.md @@ -1,5 +1,5 @@ --- -name: implementing-dmarc,-dkim,-and-spf-email-security +name: implementing-dmarc-dkim-spf-email-security description: SPF, DKIM, and DMARC form the three pillars of email authentication. Together they prevent domain spoofing, validate message integrity, and define policies for handling unauthenticated mail. Proper im domain: cybersecurity subdomain: phishing-defense 
diff --git a/skills/implementing-email-security-with-dmarc-dkim-spf/SKILL.md b/skills/implementing-email-security-with-dmarc-dkim-spf/SKILL.md index 0a4bbb7b..753e69eb 100644 --- a/skills/implementing-email-security-with-dmarc-dkim-spf/SKILL.md +++ b/skills/implementing-email-security-with-dmarc-dkim-spf/SKILL.md @@ -6,6 +6,12 @@ description: >- validates SPF syntax and lookup counts, verifies DKIM selector records, parses DMARC policies, and identifies misconfigurations that enable email spoofing. Generates remediation recommendations. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, email, security, with] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/implementing-honeytokens-for-breach-detection/SKILL.md b/skills/implementing-honeytokens-for-breach-detection/SKILL.md index 125072a2..8caa0449 100644 --- a/skills/implementing-honeytokens-for-breach-detection/SKILL.md +++ b/skills/implementing-honeytokens-for-breach-detection/SKILL.md @@ -5,6 +5,12 @@ description: > beacons, database records) that trigger alerts when accessed by attackers. Uses the Canarytokens API and custom webhook integrations for breach detection. Use when building deception-based early warning systems for intrusion detection. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, honeytokens, for, breach] +version: "1.0" +author: mahipal +license: MIT --- # Implementing Honeytokens for Breach Detection diff --git a/skills/implementing-identity-governance-with-sailpoint/SKILL.md b/skills/implementing-identity-governance-with-sailpoint/SKILL.md index 72e215e1..95a3ba5e 100644 --- a/skills/implementing-identity-governance-with-sailpoint/SKILL.md +++ b/skills/implementing-identity-governance-with-sailpoint/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: implementing-identity-governance-with-sailpoint description: Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-identity-verification-for-zero-trust/SKILL.md b/skills/implementing-identity-verification-for-zero-trust/SKILL.md index 1c120768..b3843b15 100644 --- a/skills/implementing-identity-verification-for-zero-trust/SKILL.md +++ b/skills/implementing-identity-verification-for-zero-trust/SKILL.md @@ -1,3 +1,14 @@ +--- +name: implementing-identity-verification-for-zero-trust +description: Implementing Identity Verification For Zero Trust +domain: cybersecurity +subdomain: security-operations +tags: [cybersecurity] +version: "1.0" +author: mahipal +license: MIT +--- + # Implementing Identity Verification for Zero Trust --- diff --git a/skills/implementing-just-in-time-access-provisioning/SKILL.md b/skills/implementing-just-in-time-access-provisioning/SKILL.md index d07f2597..007a6bf0 100644 --- a/skills/implementing-just-in-time-access-provisioning/SKILL.md +++ b/skills/implementing-just-in-time-access-provisioning/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-just-in-time-access-provisioning description: Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflo domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-kubernetes-pod-security-standards/SKILL.md b/skills/implementing-kubernetes-pod-security-standards/SKILL.md index f889ce47..045ba00b 100644 --- a/skills/implementing-kubernetes-pod-security-standards/SKILL.md +++ b/skills/implementing-kubernetes-pod-security-standards/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: implementing-kubernetes-pod-security-standards description: Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Security Admission (PSA) controller built into Kubernetes 1.25+. PS domain: cybersecurity subdomain: container-security diff --git a/skills/implementing-log-integrity-with-blockchain/SKILL.md b/skills/implementing-log-integrity-with-blockchain/SKILL.md index 39f048e5..daaa4a90 100644 --- a/skills/implementing-log-integrity-with-blockchain/SKILL.md +++ b/skills/implementing-log-integrity-with-blockchain/SKILL.md @@ -6,6 +6,12 @@ description: >- where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, log, integrity, with] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/implementing-mtls-for-zero-trust-services/SKILL.md b/skills/implementing-mtls-for-zero-trust-services/SKILL.md index 592a08cf..015dbcf3 100644 --- a/skills/implementing-mtls-for-zero-trust-services/SKILL.md +++ b/skills/implementing-mtls-for-zero-trust-services/SKILL.md @@ -5,6 +5,12 @@ description: > cryptography library for certificate generation and ssl module for TLS verification. Validates certificate chains, checks expiration, and audits mTLS deployment status. Use when implementing zero-trust service-to-service authentication. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, mtls, for, zero] +version: "1.0" +author: mahipal +license: MIT --- # Implementing mTLS for Zero Trust Services diff --git a/skills/implementing-network-policies-for-kubernetes/SKILL.md b/skills/implementing-network-policies-for-kubernetes/SKILL.md index 57dee0ab..f5991d2d 100644 
--- a/skills/implementing-network-policies-for-kubernetes/SKILL.md +++ b/skills/implementing-network-policies-for-kubernetes/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-network-policies-for-kubernetes description: Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. Combined with CNI plu domain: cybersecurity subdomain: container-security diff --git a/skills/implementing-network-traffic-analysis-with-arkime/SKILL.md b/skills/implementing-network-traffic-analysis-with-arkime/SKILL.md index 5fb131ee..19b09fac 100644 --- a/skills/implementing-network-traffic-analysis-with-arkime/SKILL.md +++ b/skills/implementing-network-traffic-analysis-with-arkime/SKILL.md @@ -6,6 +6,12 @@ description: >- analyze connection patterns, detect beaconing behavior, and identify suspicious network flows. Monitors DNS queries, HTTP traffic, and TLS certificate anomalies across captured traffic. +domain: cybersecurity +subdomain: network-security +tags: [implementing, network, traffic, analysis] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/implementing-osquery-for-endpoint-monitoring/SKILL.md b/skills/implementing-osquery-for-endpoint-monitoring/SKILL.md index 80ca8752..2bada74a 100644 --- a/skills/implementing-osquery-for-endpoint-monitoring/SKILL.md +++ b/skills/implementing-osquery-for-endpoint-monitoring/SKILL.md @@ -5,6 +5,12 @@ description: >- network connections, file integrity, and persistence mechanisms. Generates osquery.conf with query packs, configures differential result logging, and analyzes query results to detect suspicious processes, unauthorized listeners, and file modifications in system directories. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, osquery, for, endpoint] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions 
diff --git a/skills/implementing-pam-for-database-access/SKILL.md b/skills/implementing-pam-for-database-access/SKILL.md index cc9fd3dd..bf8b516c 100644 --- a/skills/implementing-pam-for-database-access/SKILL.md +++ b/skills/implementing-pam-for-database-access/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-pam-for-database-access description: Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-passwordless-authentication-with-fido2/SKILL.md b/skills/implementing-passwordless-authentication-with-fido2/SKILL.md index f3667382..7bf1e93f 100644 --- a/skills/implementing-passwordless-authentication-with-fido2/SKILL.md +++ b/skills/implementing-passwordless-authentication-with-fido2/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-passwordless-authentication-with-fido2 description: Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn API integration, FIDO2 server configuration, passkey enrollment, biometric authentica domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-patch-management-workflow/SKILL.md b/skills/implementing-patch-management-workflow/SKILL.md index cc676458..4765dd13 100644 --- a/skills/implementing-patch-management-workflow/SKILL.md +++ b/skills/implementing-patch-management-workflow/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-patch-management-workflow description: Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. An effective patc domain: cybersecurity subdomain: vulnerability-management 
diff --git a/skills/implementing-privileged-access-management-with-cyberark/SKILL.md b/skills/implementing-privileged-access-management-with-cyberark/SKILL.md index 181a4175..12dce907 100644 --- a/skills/implementing-privileged-access-management-with-cyberark/SKILL.md +++ b/skills/implementing-privileged-access-management-with-cyberark/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-privileged-access-management-with-cyberark description: Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. This skill covers vault architecture, session isolation, c domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-rbac-for-kubernetes-cluster/SKILL.md b/skills/implementing-rbac-for-kubernetes-cluster/SKILL.md index 0c54fe5e..65e51b7f 100644 --- a/skills/implementing-rbac-for-kubernetes-cluster/SKILL.md +++ b/skills/implementing-rbac-for-kubernetes-cluster/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-rbac-for-kubernetes-cluster description: Configure Kubernetes Role-Based Access Control (RBAC) to enforce least-privilege access to cluster resources. This skill covers Role/ClusterRole design, RoleBinding configuration, service account secu domain: cybersecurity subdomain: identity-access-management diff --git a/skills/implementing-saml-sso-with-okta/SKILL.md b/skills/implementing-saml-sso-with-okta/SKILL.md index 388ebf79..6e984406 100644 --- a/skills/implementing-saml-sso-with-okta/SKILL.md +++ b/skills/implementing-saml-sso-with-okta/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-saml-sso-with-okta description: Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, a domain: cybersecurity subdomain: identity-access-management 
diff --git a/skills/implementing-security-chaos-engineering/SKILL.md b/skills/implementing-security-chaos-engineering/SKILL.md index ca4a8269..64d38f19 100644 --- a/skills/implementing-security-chaos-engineering/SKILL.md +++ b/skills/implementing-security-chaos-engineering/SKILL.md @@ -5,6 +5,12 @@ description: > security controls to verify detection and response capabilities. Tests WAF bypass, firewall rule removal, log pipeline disruption, and EDR disablement scenarios using boto3 and subprocess. Use when validating SOC detection coverage and resilience. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, security, chaos, engineering] +version: "1.0" +author: mahipal +license: MIT --- # Implementing Security Chaos Engineering diff --git a/skills/implementing-siem-correlation-rules-for-apt/SKILL.md b/skills/implementing-siem-correlation-rules-for-apt/SKILL.md index 4f136a2a..76e04e11 100644 --- a/skills/implementing-siem-correlation-rules-for-apt/SKILL.md +++ b/skills/implementing-siem-correlation-rules-for-apt/SKILL.md @@ -5,6 +5,12 @@ description: >- process execution telemetry, and network connection logs across hosts. Uses Splunk SPL and Sigma rule format to correlate Event IDs 4624, 4648, 4688, and Sysmon Events 1/3 within sliding time windows to surface attack sequences invisible to single-event detections. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, siem, correlation, rules] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/implementing-stix-taxii-feed-integration/SKILL.md b/skills/implementing-stix-taxii-feed-integration/SKILL.md index 2fcc96c5..00ca243a 100644 --- a/skills/implementing-stix-taxii-feed-integration/SKILL.md +++ b/skills/implementing-stix-taxii-feed-integration/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: implementing-stix-taxii-feed-integration description: STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence. domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/implementing-syslog-centralization-with-rsyslog/SKILL.md b/skills/implementing-syslog-centralization-with-rsyslog/SKILL.md index 6c7a51b3..fd9272a1 100644 --- a/skills/implementing-syslog-centralization-with-rsyslog/SKILL.md +++ b/skills/implementing-syslog-centralization-with-rsyslog/SKILL.md @@ -5,6 +5,12 @@ description: >- and log rotation. Generates server and client configuration files with GnuTLS stream drivers, x509 certificate authentication, per-host log segregation, and reliable queue settings for high-availability syslog infrastructure. +domain: cybersecurity +subdomain: security-operations +tags: [implementing, syslog, centralization, with] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/implementing-threat-intelligence-platform/SKILL.md b/skills/implementing-threat-intelligence-platform/SKILL.md index cac1a6ff..415c5a2d 100644 --- a/skills/implementing-threat-intelligence-platform/SKILL.md +++ b/skills/implementing-threat-intelligence-platform/SKILL.md @@ -5,6 +5,12 @@ description: >- correlates events with galaxy clusters, and enriches indicators via VirusTotal and AbuseIPDB. Uses PyMISP to create events, add attributes with IDS flags, tag with MITRE ATT&CK techniques, and export STIX 2.1 bundles for downstream SIEM consumption. +domain: cybersecurity +subdomain: threat-intelligence +tags: [implementing, threat, intelligence, platform] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions 
diff --git a/skills/implementing-vulnerability-remediation-sla/SKILL.md b/skills/implementing-vulnerability-remediation-sla/SKILL.md index 4338977b..a1cbd6e2 100644 --- a/skills/implementing-vulnerability-remediation-sla/SKILL.md +++ b/skills/implementing-vulnerability-remediation-sla/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: implementing-vulnerability-remediation-sla description: Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/implementing-zero-trust-network-access-with-zscaler/SKILL.md b/skills/implementing-zero-trust-network-access-with-zscaler/SKILL.md index 75094d6c..1e7dcbd4 100644 --- a/skills/implementing-zero-trust-network-access-with-zscaler/SKILL.md +++ b/skills/implementing-zero-trust-network-access-with-zscaler/SKILL.md @@ -1,3 +1,14 @@ +--- +name: implementing-zero-trust-network-access-with-zscaler +description: Implementing Zero Trust Network Access With Zscaler +domain: cybersecurity +subdomain: security-operations +tags: [cybersecurity] +version: "1.0" +author: mahipal +license: MIT +--- + # Implementing Zero Trust Network Access with Zscaler --- diff --git a/skills/performing-access-review-and-certification/SKILL.md b/skills/performing-access-review-and-certification/SKILL.md index eb899920..1a9d82e4 100644 --- a/skills/performing-access-review-and-certification/SKILL.md +++ b/skills/performing-access-review-and-certification/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-access-review-and-certification description: Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p domain: cybersecurity subdomain: identity-access-management 
diff --git a/skills/performing-authenticated-vulnerability-scan/SKILL.md b/skills/performing-authenticated-vulnerability-scan/SKILL.md index 29d206e9..b5f441ec 100644 --- a/skills/performing-authenticated-vulnerability-scan/SKILL.md +++ b/skills/performing-authenticated-vulnerability-scan/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-authenticated-vulnerability-scan description: Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/performing-cloud-native-forensics-with-falco/SKILL.md b/skills/performing-cloud-native-forensics-with-falco/SKILL.md index a4d9bbf8..40665d16 100644 --- a/skills/performing-cloud-native-forensics-with-falco/SKILL.md +++ b/skills/performing-cloud-native-forensics-with-falco/SKILL.md @@ -5,6 +5,12 @@ description: > monitoring syscalls for shell spawns, file tampering, network anomalies, and privilege escalation. Manages Falco rules via the Falco gRPC API and parses Falco alert output. Use when building container runtime security or investigating k8s cluster compromises. +domain: cybersecurity +subdomain: cloud-security +tags: [performing, cloud, native, forensics] +version: "1.0" +author: mahipal +license: MIT --- # Performing Cloud Native Forensics with Falco diff --git a/skills/performing-container-escape-detection/SKILL.md b/skills/performing-container-escape-detection/SKILL.md index ee6a14d8..75a7ba65 100644 --- a/skills/performing-container-escape-detection/SKILL.md +++ b/skills/performing-container-escape-detection/SKILL.md 
@@ -5,6 +5,12 @@ description: > container checks, dangerous capability assignments, and host path mounts using the kubernetes Python client. Identifies CVE-2022-0492 style escapes via cgroup abuse. Use when auditing container security posture or investigating escape attempts. +domain: cybersecurity +subdomain: container-security +tags: [performing, container, escape, detection] +version: "1.0" +author: mahipal +license: MIT --- # Performing Container Escape Detection diff --git a/skills/performing-dark-web-monitoring-for-threats/SKILL.md b/skills/performing-dark-web-monitoring-for-threats/SKILL.md index 99bb8bf6..fadb40c4 100644 --- a/skills/performing-dark-web-monitoring-for-threats/SKILL.md +++ b/skills/performing-dark-web-monitoring-for-threats/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-dark-web-monitoring-for-threats description: Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/performing-dns-tunneling-detection/SKILL.md b/skills/performing-dns-tunneling-detection/SKILL.md index f0e38e2a..5559d248 100644 --- a/skills/performing-dns-tunneling-detection/SKILL.md +++ b/skills/performing-dns-tunneling-detection/SKILL.md @@ -5,6 +5,12 @@ description: > query length distributions, inspecting TXT record payloads, and identifying high subdomain cardinality. Uses scapy for packet capture analysis and statistical methods to distinguish legitimate DNS from covert channels. Use when hunting for data exfiltration. +domain: cybersecurity +subdomain: security-operations +tags: [performing, dns, tunneling, detection] +version: "1.0" +author: mahipal +license: MIT --- # Performing DNS Tunneling Detection 
diff --git a/skills/performing-docker-bench-security-assessment/SKILL.md b/skills/performing-docker-bench-security-assessment/SKILL.md index 86901e9f..1c9c8df8 100644 --- a/skills/performing-docker-bench-security-assessment/SKILL.md +++ b/skills/performing-docker-bench-security-assessment/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-docker-bench-security-assessment description: Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. Based on the CIS Docker Benchmark, it audits host confi domain: cybersecurity subdomain: container-security diff --git a/skills/performing-indicator-lifecycle-management/SKILL.md b/skills/performing-indicator-lifecycle-management/SKILL.md index bd9ea406..66378038 100644 --- a/skills/performing-indicator-lifecycle-management/SKILL.md +++ b/skills/performing-indicator-lifecycle-management/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-indicator-lifecycle-management description: Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/performing-kubernetes-penetration-testing/SKILL.md b/skills/performing-kubernetes-penetration-testing/SKILL.md index 5f860831..cec3b082 100644 --- a/skills/performing-kubernetes-penetration-testing/SKILL.md +++ b/skills/performing-kubernetes-penetration-testing/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-kubernetes-penetration-testing description: Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet, etcd, pods, RBAC, network policies, and secrets. Using tools domain: cybersecurity subdomain: container-security 
diff --git a/skills/performing-malware-ioc-extraction/SKILL.md b/skills/performing-malware-ioc-extraction/SKILL.md index 130c334c..64837755 100644 --- a/skills/performing-malware-ioc-extraction/SKILL.md +++ b/skills/performing-malware-ioc-extraction/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-malware-ioc-extraction description: Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist domain: cybersecurity subdomain: threat-intelligence diff --git a/skills/performing-privileged-account-discovery/SKILL.md b/skills/performing-privileged-account-discovery/SKILL.md index a3f5dbcb..24affa7d 100644 --- a/skills/performing-privileged-account-discovery/SKILL.md +++ b/skills/performing-privileged-account-discovery/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-privileged-account-discovery description: Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local admins, service accounts, database admins, cloud IAM roles, and application admin account domain: cybersecurity subdomain: identity-access-management diff --git a/skills/performing-red-team-phishing-with-gophish/SKILL.md b/skills/performing-red-team-phishing-with-gophish/SKILL.md index 623a1113..87b8d7b2 100644 --- a/skills/performing-red-team-phishing-with-gophish/SKILL.md +++ b/skills/performing-red-team-phishing-with-gophish/SKILL.md @@ -5,6 +5,12 @@ description: >- templates with tracking pixels, configures SMTP sending profiles, builds target groups from CSV, launches campaigns, and analyzes results including open rates, click rates, and credential submission statistics for security awareness assessment. +domain: cybersecurity +subdomain: security-operations +tags: [performing, red, team, phishing] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions 
diff --git a/skills/performing-service-account-audit/SKILL.md b/skills/performing-service-account-audit/SKILL.md index e0fd7568..5f2d947d 100644 --- a/skills/performing-service-account-audit/SKILL.md +++ b/skills/performing-service-account-audit/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-service-account-audit description: Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl domain: cybersecurity subdomain: identity-access-management diff --git a/skills/performing-ssrf-vulnerability-exploitation/SKILL.md b/skills/performing-ssrf-vulnerability-exploitation/SKILL.md index 45376182..17707ba7 100644 --- a/skills/performing-ssrf-vulnerability-exploitation/SKILL.md +++ b/skills/performing-ssrf-vulnerability-exploitation/SKILL.md @@ -5,6 +5,12 @@ description: >- internal network services, and protocol handlers through user-controllable URL parameters. Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP, URL scheme bypass techniques, and DNS rebinding detection. +domain: cybersecurity +subdomain: security-operations +tags: [performing, ssrf, vulnerability, exploitation] +version: "1.0" +author: mahipal +license: MIT --- ## Instructions diff --git a/skills/performing-threat-emulation-with-atomic-red-team/SKILL.md b/skills/performing-threat-emulation-with-atomic-red-team/SKILL.md index 4d883a97..8e00846a 100644 --- a/skills/performing-threat-emulation-with-atomic-red-team/SKILL.md +++ b/skills/performing-threat-emulation-with-atomic-red-team/SKILL.md 
@@ -5,6 +5,12 @@ description: > atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises. +domain: cybersecurity +subdomain: threat-intelligence +tags: [performing, threat, emulation, with] +version: "1.0" +author: mahipal +license: MIT --- # Performing Threat Emulation with Atomic Red Team diff --git a/skills/performing-web-application-scanning-with-nikto/SKILL.md b/skills/performing-web-application-scanning-with-nikto/SKILL.md index 6b3e8a14..b2829e1a 100644 --- a/skills/performing-web-application-scanning-with-nikto/SKILL.md +++ b/skills/performing-web-application-scanning-with-nikto/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: performing-web-application-scanning-with-nikto description: Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies ve domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/prioritizing-vulnerabilities-with-cvss-scoring/SKILL.md b/skills/prioritizing-vulnerabilities-with-cvss-scoring/SKILL.md index fdffe19a..aaad22b6 100644 --- a/skills/prioritizing-vulnerabilities-with-cvss-scoring/SKILL.md +++ b/skills/prioritizing-vulnerabilities-with-cvss-scoring/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: prioritizing-vulnerabilities-with-cvss-scoring description: The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. CVSS v4.0 (r domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/scanning-docker-images-with-trivy/SKILL.md b/skills/scanning-docker-images-with-trivy/SKILL.md index ace2fcd4..1b48242c 100644 
--- a/skills/scanning-docker-images-with-trivy/SKILL.md +++ b/skills/scanning-docker-images-with-trivy/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: scanning-docker-images-with-trivy description: Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati domain: cybersecurity subdomain: container-security diff --git a/skills/scanning-infrastructure-with-nessus/SKILL.md b/skills/scanning-infrastructure-with-nessus/SKILL.md index c036955d..e4bea70c 100644 --- a/skills/scanning-infrastructure-with-nessus/SKILL.md +++ b/skills/scanning-infrastructure-with-nessus/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: scanning-infrastructure-with-nessus description: Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems. domain: cybersecurity subdomain: vulnerability-management diff --git a/skills/securing-container-registry-with-harbor/SKILL.md b/skills/securing-container-registry-with-harbor/SKILL.md index 1722ad76..a325851a 100644 --- a/skills/securing-container-registry-with-harbor/SKILL.md +++ b/skills/securing-container-registry-with-harbor/SKILL.md @@ -1,5 +1,5 @@ --- -name: None +name: securing-container-registry-with-harbor description: Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio domain: cybersecurity subdomain: container-security diff --git a/skills/tracking-threat-actor-infrastructure/SKILL.md b/skills/tracking-threat-actor-infrastructure/SKILL.md index 85fe94ab..ee9447eb 100644 --- a/skills/tracking-threat-actor-infrastructure/SKILL.md +++ b/skills/tracking-threat-actor-infrastructure/SKILL.md 
@@ -1,5 +1,5 @@ --- -name: None +name: tracking-threat-actor-infrastructure description: Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a domain: cybersecurity subdomain: threat-intelligence
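Review bot: the `tags` values in every `+tags:` line are the first four tokens of the directory name, so function words land in the taxonomy: `+tags: [implementing, email, security, with]`, `+tags: [implementing, honeytokens, for, breach]`, `+tags: [performing, threat, emulation, with]`. Nobody will search for `with` or `for`, and a tag-based index built from these will be noise; derive the tags from the topic instead (for the DMARC skill something like `[email, dmarc, dkim, spf]`) or strip stop words in the generator before this merges. The two `+tags: [cybersecurity]` entries have the mirror problem: that tag repeats `domain: cybersecurity` and distinguishes nothing.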
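Review bot: the two `@@ -1,3 +1,14 @@` hunks (implementing-identity-verification-for-zero-trust and implementing-zero-trust-network-access-with-zscaler) add `+description: Implementing Identity Verification For Zero Trust` and `+description: Implementing Zero Trust Network Access With Zscaler`, which are the directory names title-cased rather than descriptions. That satisfies a presence check but tells a consumer of the frontmatter nothing the `name` field does not already say; give each a one- or two-sentence summary in the style of the other skills' descriptions (what it covers, when to use it) before merging.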
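Review bot: in the `@@ -1,5 +1,5 @@` hunks the unchanged `description:` context line ends mid-word, e.g. `named l` (implementing-conditional-access-policies-azure-ad), `Proper im` (implementing-dmarc-dkim-spf-email-security) and `certificate management, a` (implementing-saml-sso-with-okta). If that is the actual file content rather than a display truncation, those single-line descriptions were cut at a fixed character count and need to be restored, ideally as the `>-` folded block the other skills use so long text is not lost again. Worth opening one of these files directly, since the CI validator evidently does not flag it.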
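Review bot: the `subdomain` values added here are inconsistent across related skills. implementing-email-security-with-dmarc-dkim-spf gets `+subdomain: security-operations` while the neighbouring implementing-dmarc-dkim-spf-email-security hunk keeps `subdomain: phishing-defense`; implementing-mtls-for-zero-trust-services and implementing-identity-verification-for-zero-trust land in `security-operations` while the other identity skills in this patch use `identity-access-management`; performing-ssrf-vulnerability-exploitation and performing-red-team-phishing-with-gophish are filed under `security-operations` although they are offensive-testing skills. `security-operations` looks like the generator's fallback rather than a classification; assign the subdomain per skill, and at minimum align the two DMARC/DKIM/SPF skills, which from their descriptions cover the same ground and may be better merged than separately tagged.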