diff --git a/index.json b/index.json index ac37c596..849e8683 100644 --- a/index.json +++ b/index.json @@ -1,51 +1,51 @@ { "version": "1.0.0", - "generated_at": "2026-03-10T23:40:24Z", + "generated_at": "2026-03-10T23:42:14Z", "repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills", - "total_skills": 659, + "total_skills": 673, "total_domains": 1, "total_subdomains": 28, "domain_stats": { - "cybersecurity": 659 + "cybersecurity": 673 }, "subdomain_stats": { "digital-forensics": 35, - "security-operations": 32, - "threat-intelligence": 46, - "malware-analysis": 35, + "security-operations": 33, + "threat-intelligence": 48, + "malware-analysis": 36, "cloud-security": 51, "soc-operations": 33, "mobile-security": 12, "container-security": 29, "phishing-defense": 16, - "network-security": 35, - "incident-response": 24, + "network-security": 36, + "incident-response": 25, "red-teaming": 24, "devsecops": 16, "identity-access-management": 34, - "vulnerability-management": 24, - "threat-hunting": 37, - "web-application-security": 41, + "vulnerability-management": 25, + "threat-hunting": 40, + "web-application-security": 42, "penetration-testing": 23, "zero-trust-architecture": 13, "cryptography": 13, "endpoint-security": 16, "ot-ics-security": 28, "api-security": 28, - "threat-detection": 2, + "threat-detection": 4, "ransomware-defense": 5, - "application-security": 1, + "application-security": 2, "compliance-governance": 5, "red-team": 1 }, "top_tags": [ { "tag": "mitre-attack", - "count": 57 + "count": 59 }, { "tag": "threat-hunting", - "count": 45 + "count": 49 }, { "tag": "penetration-testing", @@ -53,7 +53,7 @@ }, { "tag": "threat-intelligence", - "count": 39 + "count": 41 }, { "tag": "cloud-security", @@ -61,7 +61,7 @@ }, { "tag": "owasp", - "count": 36 + "count": 37 }, { "tag": "network-security", 
@@ -80,11 +80,11 @@ "count": 31 }, { - "tag": "api-security", - "count": 29 + "tag": "web-security", + "count": 30 }, { - "tag": "web-security", + "tag": "api-security", "count": 29 }, { @@ -320,6 +320,25 @@ "license": "Apache-2.0", "path": "skills/analyzing-cobalt-strike-malleable-profiles" }, + { + "name": "analyzing-cobaltstrike-malleable-c2-profiles", + "description": "Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection signatures.", + "domain": "cybersecurity", + "subdomain": "malware-analysis", + "tags": [ + "cobalt-strike", + "malleable-c2", + "c2-detection", + "beacon-analysis", + "network-signatures", + "threat-hunting", + "red-team-tools" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/analyzing-cobaltstrike-malleable-c2-profiles" + }, { "name": "analyzing-command-and-control-communication", "description": ">", @@ -760,6 +779,17 @@ "license": "Apache-2.0", "path": "skills/analyzing-network-flow-data-with-netflow" }, + { + "name": "analyzing-network-packets-with-scapy", + "description": "Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing", + "domain": "cybersecurity", + "subdomain": "network-security", + "tags": [], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/analyzing-network-packets-with-scapy" + }, { "name": "analyzing-network-traffic-for-incidents", "description": ">", 
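Review bot: The new `analyzing-cobaltstrike-malleable-c2-profiles` entry in the `@@ -320,6 +320,25 @@` hunk lands directly after the existing `analyzing-cobalt-strike-malleable-profiles` and covers the same subject, so the index now lists two near-identical skills whose names differ only in hyphenation and the `c2` token; the same pattern appears in the `@@ -3416,6 +3465,17 @@` hunk on the next line, where `detecting-credential-dumping-techniques` is inserted beside `detecting-credential-dumping-with-edr` with a description that overlaps it almost word for word. Whether these are intentionally separate skills cannot be decided from the index alone; if they are not, the duplicate skill directory should be removed or merged before the index is regenerated, because `total_skills` and the per-subdomain counts in the first hunk now include both. If they are deliberately distinct, each description should say how it differs from its sibling so that consumers of the index can choose between them.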
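Review bot: The new `analyzing-network-packets-with-scapy` entry in the `@@ -760,6 +779,17 @@` hunk carries `"tags": []` while nearly every other entry in this index has a populated tag list; the same empty list appears on `detecting-credential-dumping-techniques` (`@@ -3416,6 +3465,17 @@`), `detecting-pass-the-ticket-attacks` (`@@ -3891,6 +3988,17 @@`) and `implementing-siem-use-case-tuning` (`@@ -7787,6 +7933,17 @@`). Since `top_tags` is derived from these lists, untagged skills are invisible to tag-based discovery and are not reflected in the `mitre-attack`, `threat-hunting` and `threat-intelligence` counts that the first hunk updates. This file appears to be generated from per-skill metadata (`generated_at` is refreshed in the same commit), so the fix is presumably to add a `tags` field to those four skills' metadata and regenerate, rather than to hand-edit this index.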
@@ -1031,6 +1061,25 @@ "license": "Apache-2.0", "path": "skills/analyzing-threat-actor-ttps-with-mitre-attack" }, + { + "name": "analyzing-threat-actor-ttps-with-mitre-navigator", + "description": ">", + "domain": "cybersecurity", + "subdomain": "threat-intelligence", + "tags": [ + "mitre-attack", + "navigator", + "threat-intelligence", + "apt", + "ttp-mapping", + "stix", + "attackcti" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/analyzing-threat-actor-ttps-with-mitre-navigator" + }, { "name": "analyzing-threat-intelligence-feeds", "description": ">", @@ -3416,6 +3465,17 @@ "license": "Apache-2.0", "path": "skills/detecting-container-escape-with-falco-rules" }, + { + "name": "detecting-credential-dumping-techniques", + "description": "Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules", + "domain": "cybersecurity", + "subdomain": "threat-detection", + "tags": [], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/detecting-credential-dumping-techniques" + }, { "name": "detecting-credential-dumping-with-edr", "description": "Detect OS credential dumping techniques including LSASS access, SAM extraction, and DCSync using EDR telemetry and Sysmon logs.", 
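Review bot: The `description` of the new `analyzing-threat-actor-ttps-with-mitre-navigator` entry in the `@@ -1031,6 +1061,25 @@` hunk is the literal string `">"`, which is a YAML folded-scalar indicator rather than a description; the index generator appears to copy a `description: >` marker from the skill's frontmatter without consuming the folded lines that follow it. The same value is emitted for `detecting-malicious-scheduled-tasks-with-sysmon` (`@@ -3741,6 +3820,24 @@`), `hunting-for-anomalous-powershell-execution` (`@@ -5203,6 +5311,25 @@`), `implementing-web-application-logging-with-modsecurity` (`@@ -8073,6 +8249,25 @@`) and `performing-fuzzing-with-aflplusplus` (`@@ -9434,6 +9629,24 @@`), and already exists on several unchanged context entries such as `analyzing-threat-intelligence-feeds`. Because the file is generated, the fix belongs in the frontmatter parser (load the metadata with a YAML parser that handles block scalars) or in the affected skills' metadata, followed by a regeneration; the generator should probably also reject a description consisting solely of `">"` instead of writing it into the index.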
@@ -3531,6 +3591,25 @@ "license": "Apache-2.0", "path": "skills/detecting-dns-exfiltration-with-dns-query-analysis" }, + { + "name": "detecting-email-account-compromise", + "description": "Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.", + "domain": "cybersecurity", + "subdomain": "incident-response", + "tags": [ + "email-compromise", + "office365", + "microsoft-graph", + "bec", + "inbox-rules", + "sign-in-analysis", + "account-takeover" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/detecting-email-account-compromise" + }, { "name": "detecting-email-forwarding-rules-attack", "description": "Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.", @@ -3741,6 +3820,24 @@ "license": "Apache-2.0", "path": "skills/detecting-living-off-the-land-attacks" }, + { + "name": "detecting-malicious-scheduled-tasks-with-sysmon", + "description": ">", + "domain": "cybersecurity", + "subdomain": "threat-hunting", + "tags": [ + "sysmon", + "scheduled-tasks", + "persistence", + "detection", + "threat-hunting", + "windows-security" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/detecting-malicious-scheduled-tasks-with-sysmon" + }, { "name": "detecting-mimikatz-execution-patterns", "description": "Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.", 
@@ -3891,6 +3988,17 @@ "license": "Apache-2.0", "path": "skills/detecting-pass-the-hash-attacks" }, + { + "name": "detecting-pass-the-ticket-attacks", + "description": "Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM", + "domain": "cybersecurity", + "subdomain": "threat-detection", + "tags": [], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/detecting-pass-the-ticket-attacks" + }, { "name": "detecting-port-scanning-with-fail2ban", "description": ">", @@ -5203,6 +5311,25 @@ "license": "Apache-2.0", "path": "skills/hunting-credential-stuffing-attacks" }, + { + "name": "hunting-for-anomalous-powershell-execution", + "description": ">", + "domain": "cybersecurity", + "subdomain": "threat-hunting", + "tags": [ + "powershell", + "script-block-logging", + "event-4104", + "amsi", + "threat-hunting", + "evtx", + "obfuscation" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/hunting-for-anomalous-powershell-execution" + }, { "name": "hunting-for-beaconing-with-frequency-analysis", "description": "Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.", 
@@ -5391,6 +5518,25 @@ "license": "Apache-2.0", "path": "skills/hunting-for-registry-persistence-mechanisms" }, + { + "name": "hunting-for-registry-run-key-persistence", + "description": "Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.", + "domain": "cybersecurity", + "subdomain": "threat-hunting", + "tags": [ + "persistence", + "registry-run-keys", + "t1547-001", + "sysmon", + "threat-hunting", + "windows-forensics", + "mitre-attack" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/hunting-for-registry-run-key-persistence" + }, { "name": "hunting-for-scheduled-task-persistence", "description": "Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.", @@ -7787,6 +7933,17 @@ "license": "Apache-2.0", "path": "skills/implementing-siem-correlation-rules-for-apt" }, + { + "name": "implementing-siem-use-case-tuning", + "description": "Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic", + "domain": "cybersecurity", + "subdomain": "security-operations", + "tags": [], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/implementing-siem-use-case-tuning" + }, { "name": "implementing-siem-use-cases-for-detection", "description": ">", 
@@ -8036,6 +8193,25 @@ "license": "Apache-2.0", "path": "skills/implementing-velociraptor-for-ir-collection" }, + { + "name": "implementing-vulnerability-management-with-greenbone", + "description": "Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.", + "domain": "cybersecurity", + "subdomain": "vulnerability-management", + "tags": [ + "openvas", + "greenbone", + "vulnerability-scanning", + "gmp", + "python-gvm", + "vulnerability-management", + "compliance" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/implementing-vulnerability-management-with-greenbone" + }, { "name": "implementing-vulnerability-remediation-sla", "description": "Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs", @@ -8073,6 +8249,25 @@ "license": "Apache-2.0", "path": "skills/implementing-vulnerability-sla-breach-alerting" }, + { + "name": "implementing-web-application-logging-with-modsecurity", + "description": ">", + "domain": "cybersecurity", + "subdomain": "web-application-security", + "tags": [ + "modsecurity", + "waf", + "crs", + "owasp", + "web-security", + "audit-logging", + "rule-tuning" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/implementing-web-application-logging-with-modsecurity" + }, { "name": "implementing-zero-knowledge-proof-for-authentication", "description": "Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati", 
@@ -9434,6 +9629,24 @@ "license": "Apache-2.0", "path": "skills/performing-firmware-malware-analysis" }, + { + "name": "performing-fuzzing-with-aflplusplus", + "description": ">", + "domain": "cybersecurity", + "subdomain": "application-security", + "tags": [ + "fuzzing", + "aflplusplus", + "coverage-guided", + "crash-triage", + "binary-analysis", + "security-testing" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/performing-fuzzing-with-aflplusplus" + }, { "name": "performing-gcp-security-assessment-with-forseti", "description": ">", @@ -10927,6 +11140,26 @@ "license": "Apache-2.0", "path": "skills/performing-threat-hunting-with-yara-rules" }, + { + "name": "performing-threat-intelligence-sharing-with-misp", + "description": "Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.", + "domain": "cybersecurity", + "subdomain": "threat-intelligence", + "tags": [ + "misp", + "pymisp", + "threat-intelligence", + "ioc-sharing", + "stix", + "taxii", + "threat-feeds", + "information-sharing" + ], + "version": "1.0", + "author": "mukul975", + "license": "Apache-2.0", + "path": "skills/performing-threat-intelligence-sharing-with-misp" + }, { "name": "performing-threat-landscape-assessment-for-sector", "description": "Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.",