chore: auto-update index.json

mukul975
2026-03-10 23:42:14 +00:00
parent aea97ff9ff
commit ab1fc6d87c
+253 -20
@@ -1,51 +1,51 @@
{
"version": "1.0.0",
"generated_at": "2026-03-10T23:40:24Z",
"generated_at": "2026-03-10T23:42:14Z",
"repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
"total_skills": 659,
"total_skills": 673,
"total_domains": 1,
"total_subdomains": 28,
"domain_stats": {
"cybersecurity": 659
"cybersecurity": 673
},
"subdomain_stats": {
"digital-forensics": 35,
"security-operations": 32,
"threat-intelligence": 46,
"malware-analysis": 35,
"security-operations": 33,
"threat-intelligence": 48,
"malware-analysis": 36,
"cloud-security": 51,
"soc-operations": 33,
"mobile-security": 12,
"container-security": 29,
"phishing-defense": 16,
"network-security": 35,
"incident-response": 24,
"network-security": 36,
"incident-response": 25,
"red-teaming": 24,
"devsecops": 16,
"identity-access-management": 34,
"vulnerability-management": 24,
"threat-hunting": 37,
"web-application-security": 41,
"vulnerability-management": 25,
"threat-hunting": 40,
"web-application-security": 42,
"penetration-testing": 23,
"zero-trust-architecture": 13,
"cryptography": 13,
"endpoint-security": 16,
"ot-ics-security": 28,
"api-security": 28,
"threat-detection": 2,
"threat-detection": 4,
"ransomware-defense": 5,
"application-security": 1,
"application-security": 2,
"compliance-governance": 5,
"red-team": 1
},
"top_tags": [
{
"tag": "mitre-attack",
"count": 57
"count": 59
},
{
"tag": "threat-hunting",
"count": 45
"count": 49
},
{
"tag": "penetration-testing",
@@ -53,7 +53,7 @@
},
{
"tag": "threat-intelligence",
"count": 39
"count": 41
},
{
"tag": "cloud-security",
@@ -61,7 +61,7 @@
},
{
"tag": "owasp",
"count": 36
"count": 37
},
{
"tag": "network-security",
@@ -80,11 +80,11 @@
"count": 31
},
{
"tag": "api-security",
"count": 29
"tag": "web-security",
"count": 30
},
{
"tag": "web-security",
"tag": "api-security",
"count": 29
},
{
@@ -320,6 +320,25 @@
"license": "Apache-2.0",
"path": "skills/analyzing-cobalt-strike-malleable-profiles"
},
{
"name": "analyzing-cobaltstrike-malleable-c2-profiles",
"description": "Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection signatures.",
"domain": "cybersecurity",
"subdomain": "malware-analysis",
"tags": [
"cobalt-strike",
"malleable-c2",
"c2-detection",
"beacon-analysis",
"network-signatures",
"threat-hunting",
"red-team-tools"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-cobaltstrike-malleable-c2-profiles"
},
{
"name": "analyzing-command-and-control-communication",
"description": ">",
@@ -760,6 +779,17 @@
"license": "Apache-2.0",
"path": "skills/analyzing-network-flow-data-with-netflow"
},
{
"name": "analyzing-network-packets-with-scapy",
"description": "Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing",
"domain": "cybersecurity",
"subdomain": "network-security",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-network-packets-with-scapy"
},
{
"name": "analyzing-network-traffic-for-incidents",
"description": ">",
@@ -1031,6 +1061,25 @@
"license": "Apache-2.0",
"path": "skills/analyzing-threat-actor-ttps-with-mitre-attack"
},
{
"name": "analyzing-threat-actor-ttps-with-mitre-navigator",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-intelligence",
"tags": [
"mitre-attack",
"navigator",
"threat-intelligence",
"apt",
"ttp-mapping",
"stix",
"attackcti"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-threat-actor-ttps-with-mitre-navigator"
},
{
"name": "analyzing-threat-intelligence-feeds",
"description": ">",
@@ -3416,6 +3465,17 @@
"license": "Apache-2.0",
"path": "skills/detecting-container-escape-with-falco-rules"
},
{
"name": "detecting-credential-dumping-techniques",
"description": "Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules",
"domain": "cybersecurity",
"subdomain": "threat-detection",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-credential-dumping-techniques"
},
{
"name": "detecting-credential-dumping-with-edr",
"description": "Detect OS credential dumping techniques including LSASS access, SAM extraction, and DCSync using EDR telemetry and Sysmon logs.",
@@ -3531,6 +3591,25 @@
"license": "Apache-2.0",
"path": "skills/detecting-dns-exfiltration-with-dns-query-analysis"
},
{
"name": "detecting-email-account-compromise",
"description": "Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.",
"domain": "cybersecurity",
"subdomain": "incident-response",
"tags": [
"email-compromise",
"office365",
"microsoft-graph",
"bec",
"inbox-rules",
"sign-in-analysis",
"account-takeover"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-email-account-compromise"
},
{
"name": "detecting-email-forwarding-rules-attack",
"description": "Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.",
@@ -3741,6 +3820,24 @@
"license": "Apache-2.0",
"path": "skills/detecting-living-off-the-land-attacks"
},
{
"name": "detecting-malicious-scheduled-tasks-with-sysmon",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"sysmon",
"scheduled-tasks",
"persistence",
"detection",
"threat-hunting",
"windows-security"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-malicious-scheduled-tasks-with-sysmon"
},
{
"name": "detecting-mimikatz-execution-patterns",
"description": "Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.",
@@ -3891,6 +3988,17 @@
"license": "Apache-2.0",
"path": "skills/detecting-pass-the-hash-attacks"
},
{
"name": "detecting-pass-the-ticket-attacks",
"description": "Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM",
"domain": "cybersecurity",
"subdomain": "threat-detection",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-pass-the-ticket-attacks"
},
{
"name": "detecting-port-scanning-with-fail2ban",
"description": ">",
@@ -5203,6 +5311,25 @@
"license": "Apache-2.0",
"path": "skills/hunting-credential-stuffing-attacks"
},
{
"name": "hunting-for-anomalous-powershell-execution",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"powershell",
"script-block-logging",
"event-4104",
"amsi",
"threat-hunting",
"evtx",
"obfuscation"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-anomalous-powershell-execution"
},
{
"name": "hunting-for-beaconing-with-frequency-analysis",
"description": "Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.",
@@ -5391,6 +5518,25 @@
"license": "Apache-2.0",
"path": "skills/hunting-for-registry-persistence-mechanisms"
},
{
"name": "hunting-for-registry-run-key-persistence",
"description": "Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"persistence",
"registry-run-keys",
"t1547-001",
"sysmon",
"threat-hunting",
"windows-forensics",
"mitre-attack"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-registry-run-key-persistence"
},
{
"name": "hunting-for-scheduled-task-persistence",
"description": "Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.",
@@ -7787,6 +7933,17 @@
"license": "Apache-2.0",
"path": "skills/implementing-siem-correlation-rules-for-apt"
},
{
"name": "implementing-siem-use-case-tuning",
"description": "Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic",
"domain": "cybersecurity",
"subdomain": "security-operations",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-siem-use-case-tuning"
},
{
"name": "implementing-siem-use-cases-for-detection",
"description": ">",
@@ -8036,6 +8193,25 @@
"license": "Apache-2.0",
"path": "skills/implementing-velociraptor-for-ir-collection"
},
{
"name": "implementing-vulnerability-management-with-greenbone",
"description": "Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.",
"domain": "cybersecurity",
"subdomain": "vulnerability-management",
"tags": [
"openvas",
"greenbone",
"vulnerability-scanning",
"gmp",
"python-gvm",
"vulnerability-management",
"compliance"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-vulnerability-management-with-greenbone"
},
{
"name": "implementing-vulnerability-remediation-sla",
"description": "Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs",
@@ -8073,6 +8249,25 @@
"license": "Apache-2.0",
"path": "skills/implementing-vulnerability-sla-breach-alerting"
},
{
"name": "implementing-web-application-logging-with-modsecurity",
"description": ">",
"domain": "cybersecurity",
"subdomain": "web-application-security",
"tags": [
"modsecurity",
"waf",
"crs",
"owasp",
"web-security",
"audit-logging",
"rule-tuning"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-web-application-logging-with-modsecurity"
},
{
"name": "implementing-zero-knowledge-proof-for-authentication",
"description": "Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati",
@@ -9434,6 +9629,24 @@
"license": "Apache-2.0",
"path": "skills/performing-firmware-malware-analysis"
},
{
"name": "performing-fuzzing-with-aflplusplus",
"description": ">",
"domain": "cybersecurity",
"subdomain": "application-security",
"tags": [
"fuzzing",
"aflplusplus",
"coverage-guided",
"crash-triage",
"binary-analysis",
"security-testing"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-fuzzing-with-aflplusplus"
},
{
"name": "performing-gcp-security-assessment-with-forseti",
"description": ">",
@@ -10927,6 +11140,26 @@
"license": "Apache-2.0",
"path": "skills/performing-threat-hunting-with-yara-rules"
},
{
"name": "performing-threat-intelligence-sharing-with-misp",
"description": "Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.",
"domain": "cybersecurity",
"subdomain": "threat-intelligence",
"tags": [
"misp",
"pymisp",
"threat-intelligence",
"ioc-sharing",
"stix",
"taxii",
"threat-feeds",
"information-sharing"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-threat-intelligence-sharing-with-misp"
},
{
"name": "performing-threat-landscape-assessment-for-sector",
"description": "Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.",