chore: auto-update index.json

This commit is contained in:
mukul975
2026-03-10 23:42:14 +00:00
parent aea97ff9ff
commit ab1fc6d87c
+253 -20
View File
@@ -1,51 +1,51 @@
{ {
"version": "1.0.0", "version": "1.0.0",
"generated_at": "2026-03-10T23:40:24Z", "generated_at": "2026-03-10T23:42:14Z",
"repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills", "repository": "https://github.com/mukul975/Anthropic-Cybersecurity-Skills",
"total_skills": 659, "total_skills": 673,
"total_domains": 1, "total_domains": 1,
"total_subdomains": 28, "total_subdomains": 28,
"domain_stats": { "domain_stats": {
"cybersecurity": 659 "cybersecurity": 673
}, },
"subdomain_stats": { "subdomain_stats": {
"digital-forensics": 35, "digital-forensics": 35,
"security-operations": 32, "security-operations": 33,
"threat-intelligence": 46, "threat-intelligence": 48,
"malware-analysis": 35, "malware-analysis": 36,
"cloud-security": 51, "cloud-security": 51,
"soc-operations": 33, "soc-operations": 33,
"mobile-security": 12, "mobile-security": 12,
"container-security": 29, "container-security": 29,
"phishing-defense": 16, "phishing-defense": 16,
"network-security": 35, "network-security": 36,
"incident-response": 24, "incident-response": 25,
"red-teaming": 24, "red-teaming": 24,
"devsecops": 16, "devsecops": 16,
"identity-access-management": 34, "identity-access-management": 34,
"vulnerability-management": 24, "vulnerability-management": 25,
"threat-hunting": 37, "threat-hunting": 40,
"web-application-security": 41, "web-application-security": 42,
"penetration-testing": 23, "penetration-testing": 23,
"zero-trust-architecture": 13, "zero-trust-architecture": 13,
"cryptography": 13, "cryptography": 13,
"endpoint-security": 16, "endpoint-security": 16,
"ot-ics-security": 28, "ot-ics-security": 28,
"api-security": 28, "api-security": 28,
"threat-detection": 2, "threat-detection": 4,
"ransomware-defense": 5, "ransomware-defense": 5,
"application-security": 1, "application-security": 2,
"compliance-governance": 5, "compliance-governance": 5,
"red-team": 1 "red-team": 1
}, },
"top_tags": [ "top_tags": [
{ {
"tag": "mitre-attack", "tag": "mitre-attack",
"count": 57 "count": 59
}, },
{ {
"tag": "threat-hunting", "tag": "threat-hunting",
"count": 45 "count": 49
}, },
{ {
"tag": "penetration-testing", "tag": "penetration-testing",
@@ -53,7 +53,7 @@
}, },
{ {
"tag": "threat-intelligence", "tag": "threat-intelligence",
"count": 39 "count": 41
}, },
{ {
"tag": "cloud-security", "tag": "cloud-security",
@@ -61,7 +61,7 @@
}, },
{ {
"tag": "owasp", "tag": "owasp",
"count": 36 "count": 37
}, },
{ {
"tag": "network-security", "tag": "network-security",
@@ -80,11 +80,11 @@
"count": 31 "count": 31
}, },
{ {
"tag": "api-security", "tag": "web-security",
"count": 29 "count": 30
}, },
{ {
"tag": "web-security", "tag": "api-security",
"count": 29 "count": 29
}, },
{ {
@@ -320,6 +320,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/analyzing-cobalt-strike-malleable-profiles" "path": "skills/analyzing-cobalt-strike-malleable-profiles"
}, },
{
"name": "analyzing-cobaltstrike-malleable-c2-profiles",
"description": "Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract C2 indicators, detect evasion techniques, and generate network detection signatures.",
"domain": "cybersecurity",
"subdomain": "malware-analysis",
"tags": [
"cobalt-strike",
"malleable-c2",
"c2-detection",
"beacon-analysis",
"network-signatures",
"threat-hunting",
"red-team-tools"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-cobaltstrike-malleable-c2-profiles"
},
{ {
"name": "analyzing-command-and-control-communication", "name": "analyzing-command-and-control-communication",
"description": ">", "description": ">",
@@ -760,6 +779,17 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/analyzing-network-flow-data-with-netflow" "path": "skills/analyzing-network-flow-data-with-netflow"
}, },
{
"name": "analyzing-network-packets-with-scapy",
"description": "Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing",
"domain": "cybersecurity",
"subdomain": "network-security",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-network-packets-with-scapy"
},
{ {
"name": "analyzing-network-traffic-for-incidents", "name": "analyzing-network-traffic-for-incidents",
"description": ">", "description": ">",
@@ -1031,6 +1061,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/analyzing-threat-actor-ttps-with-mitre-attack" "path": "skills/analyzing-threat-actor-ttps-with-mitre-attack"
}, },
{
"name": "analyzing-threat-actor-ttps-with-mitre-navigator",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-intelligence",
"tags": [
"mitre-attack",
"navigator",
"threat-intelligence",
"apt",
"ttp-mapping",
"stix",
"attackcti"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/analyzing-threat-actor-ttps-with-mitre-navigator"
},
{ {
"name": "analyzing-threat-intelligence-feeds", "name": "analyzing-threat-intelligence-feeds",
"description": ">", "description": ">",
@@ -3416,6 +3465,17 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-container-escape-with-falco-rules" "path": "skills/detecting-container-escape-with-falco-rules"
}, },
{
"name": "detecting-credential-dumping-techniques",
"description": "Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules",
"domain": "cybersecurity",
"subdomain": "threat-detection",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-credential-dumping-techniques"
},
{ {
"name": "detecting-credential-dumping-with-edr", "name": "detecting-credential-dumping-with-edr",
"description": "Detect OS credential dumping techniques including LSASS access, SAM extraction, and DCSync using EDR telemetry and Sysmon logs.", "description": "Detect OS credential dumping techniques including LSASS access, SAM extraction, and DCSync using EDR telemetry and Sysmon logs.",
@@ -3531,6 +3591,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-dns-exfiltration-with-dns-query-analysis" "path": "skills/detecting-dns-exfiltration-with-dns-query-analysis"
}, },
{
"name": "detecting-email-account-compromise",
"description": "Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.",
"domain": "cybersecurity",
"subdomain": "incident-response",
"tags": [
"email-compromise",
"office365",
"microsoft-graph",
"bec",
"inbox-rules",
"sign-in-analysis",
"account-takeover"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-email-account-compromise"
},
{ {
"name": "detecting-email-forwarding-rules-attack", "name": "detecting-email-forwarding-rules-attack",
"description": "Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.", "description": "Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.",
@@ -3741,6 +3820,24 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-living-off-the-land-attacks" "path": "skills/detecting-living-off-the-land-attacks"
}, },
{
"name": "detecting-malicious-scheduled-tasks-with-sysmon",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"sysmon",
"scheduled-tasks",
"persistence",
"detection",
"threat-hunting",
"windows-security"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-malicious-scheduled-tasks-with-sysmon"
},
{ {
"name": "detecting-mimikatz-execution-patterns", "name": "detecting-mimikatz-execution-patterns",
"description": "Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.", "description": "Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.",
@@ -3891,6 +3988,17 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/detecting-pass-the-hash-attacks" "path": "skills/detecting-pass-the-hash-attacks"
}, },
{
"name": "detecting-pass-the-ticket-attacks",
"description": "Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM",
"domain": "cybersecurity",
"subdomain": "threat-detection",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/detecting-pass-the-ticket-attacks"
},
{ {
"name": "detecting-port-scanning-with-fail2ban", "name": "detecting-port-scanning-with-fail2ban",
"description": ">", "description": ">",
@@ -5203,6 +5311,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/hunting-credential-stuffing-attacks" "path": "skills/hunting-credential-stuffing-attacks"
}, },
{
"name": "hunting-for-anomalous-powershell-execution",
"description": ">",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"powershell",
"script-block-logging",
"event-4104",
"amsi",
"threat-hunting",
"evtx",
"obfuscation"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-anomalous-powershell-execution"
},
{ {
"name": "hunting-for-beaconing-with-frequency-analysis", "name": "hunting-for-beaconing-with-frequency-analysis",
"description": "Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.", "description": "Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.",
@@ -5391,6 +5518,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/hunting-for-registry-persistence-mechanisms" "path": "skills/hunting-for-registry-persistence-mechanisms"
}, },
{
"name": "hunting-for-registry-run-key-persistence",
"description": "Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.",
"domain": "cybersecurity",
"subdomain": "threat-hunting",
"tags": [
"persistence",
"registry-run-keys",
"t1547-001",
"sysmon",
"threat-hunting",
"windows-forensics",
"mitre-attack"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/hunting-for-registry-run-key-persistence"
},
{ {
"name": "hunting-for-scheduled-task-persistence", "name": "hunting-for-scheduled-task-persistence",
"description": "Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.", "description": "Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.",
@@ -7787,6 +7933,17 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/implementing-siem-correlation-rules-for-apt" "path": "skills/implementing-siem-correlation-rules-for-apt"
}, },
{
"name": "implementing-siem-use-case-tuning",
"description": "Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring detection efficacy metrics in Splunk and Elastic",
"domain": "cybersecurity",
"subdomain": "security-operations",
"tags": [],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-siem-use-case-tuning"
},
{ {
"name": "implementing-siem-use-cases-for-detection", "name": "implementing-siem-use-cases-for-detection",
"description": ">", "description": ">",
@@ -8036,6 +8193,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/implementing-velociraptor-for-ir-collection" "path": "skills/implementing-velociraptor-for-ir-collection"
}, },
{
"name": "implementing-vulnerability-management-with-greenbone",
"description": "Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.",
"domain": "cybersecurity",
"subdomain": "vulnerability-management",
"tags": [
"openvas",
"greenbone",
"vulnerability-scanning",
"gmp",
"python-gvm",
"vulnerability-management",
"compliance"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-vulnerability-management-with-greenbone"
},
{ {
"name": "implementing-vulnerability-remediation-sla", "name": "implementing-vulnerability-remediation-sla",
"description": "Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs", "description": "Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs",
@@ -8073,6 +8249,25 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/implementing-vulnerability-sla-breach-alerting" "path": "skills/implementing-vulnerability-sla-breach-alerting"
}, },
{
"name": "implementing-web-application-logging-with-modsecurity",
"description": ">",
"domain": "cybersecurity",
"subdomain": "web-application-security",
"tags": [
"modsecurity",
"waf",
"crs",
"owasp",
"web-security",
"audit-logging",
"rule-tuning"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/implementing-web-application-logging-with-modsecurity"
},
{ {
"name": "implementing-zero-knowledge-proof-for-authentication", "name": "implementing-zero-knowledge-proof-for-authentication",
"description": "Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati", "description": "Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati",
@@ -9434,6 +9629,24 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/performing-firmware-malware-analysis" "path": "skills/performing-firmware-malware-analysis"
}, },
{
"name": "performing-fuzzing-with-aflplusplus",
"description": ">",
"domain": "cybersecurity",
"subdomain": "application-security",
"tags": [
"fuzzing",
"aflplusplus",
"coverage-guided",
"crash-triage",
"binary-analysis",
"security-testing"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-fuzzing-with-aflplusplus"
},
{ {
"name": "performing-gcp-security-assessment-with-forseti", "name": "performing-gcp-security-assessment-with-forseti",
"description": ">", "description": ">",
@@ -10927,6 +11140,26 @@
"license": "Apache-2.0", "license": "Apache-2.0",
"path": "skills/performing-threat-hunting-with-yara-rules" "path": "skills/performing-threat-hunting-with-yara-rules"
}, },
{
"name": "performing-threat-intelligence-sharing-with-misp",
"description": "Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.",
"domain": "cybersecurity",
"subdomain": "threat-intelligence",
"tags": [
"misp",
"pymisp",
"threat-intelligence",
"ioc-sharing",
"stix",
"taxii",
"threat-feeds",
"information-sharing"
],
"version": "1.0",
"author": "mukul975",
"license": "Apache-2.0",
"path": "skills/performing-threat-intelligence-sharing-with-misp"
},
{ {
"name": "performing-threat-landscape-assessment-for-sector", "name": "performing-threat-landscape-assessment-for-sector",
"description": "Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.", "description": "Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.",