mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00

Files

T

mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal

- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md

2026-03-11 00:22:12 +01:00

1.4 KiB

Raw Blame History

PowerShell Deobfuscation — API Reference

Libraries

Library	Install	Purpose
re	stdlib	Regex pattern matching for obfuscation detection
base64	stdlib	Base64 decoding of encoded commands
pySigma	`pip install pySigma`	Sigma rule generation for detections

Common Obfuscation Techniques

Technique	Pattern	Example
Base64 Encoding	`-EncodedCommand <b64>`	`powershell -enc SQBFAFgA...`
String Concatenation	`'str1'+'str2'`	`'Inv'+'oke'+'-Exp'+'ression'`
Character Codes	`[char]73+[char]69`	`[char]73` = I, `[char]69` = E
Backtick Escape	`I`E`X	Backtick breaks keyword detection
Variable Substitution	`$env:COMSPEC`	Use env vars as execution paths
Compression	`IO.Compression.DeflateStream`	Compressed + Base64 payload

Detection Event IDs

Source	Event ID	Description
PowerShell	4104	Script block logging (deobfuscated content)
Sysmon	1	Process creation with command line
Defender	1116	Malware detection

1.4 KiB Raw Blame History

PowerShell Deobfuscation — API Reference

Libraries

Common Obfuscation Techniques

Detection Event IDs

External References

1.4 KiB

Raw Blame History