Anthropic-Cybersecurity-Skills/skills/tracking-threat-actor-infrastructure/references/workflows.md

# Infrastructure Tracking Workflows
## Workflow 1: IP-Centric Pivoting
```
[Known C2 IP] --> [Shodan/Censys] --> [Service Fingerprints]
      |                  |
      v                  v
[Passive DNS] --> [Associated Domains] --> [WHOIS Analysis] --> [Registrant Pivot]
      |                  |
      v                  v
[SSL Certs] --> [Subject Alt Names] --> [New Domains] --> [Additional IPs]
```
## Workflow 2: Domain-Centric Pivoting
```
[Known C2 Domain] --> [DNS History] --> [Historical IPs] --> [Co-hosted Domains]
        |                  |
        v                  v
    [CT Logs] --> [Subdomains] --> [Infrastructure Map] --> [Shared Hosting Analysis]
        |
        v
     [WHOIS] --> [Registrant/Email] --> [Other Registered Domains]
```
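Workflows 1 and 2 are the same operation run in two directions: take an indicator, look up its neighbours in passive DNS, certificate SANs and WHOIS, and repeat until the hop budget is spent. The following is an added example, not code from the skill repository, that models that expansion offline. The lookup tables are constructed sample data standing in for Shodan/Censys, passive DNS, CT logs and WHOIS, and the function names (`pivot`, `reverse_pdns`, `cert_peers`, `registrant_peers`) are this example's own. It also shows the caveat a practitioner hits on the "Shared Hosting Analysis" step: an IP hosting many unrelated domains (CDN, cloud load balancer, bulk web host) is flagged and not expanded, because pivoting through it drags in every tenant.

```python
"""Breadth-first pivoting from a seed indicator over passive DNS, certificate
SANs and WHOIS registrant data. All tables are constructed sample data."""
import ipaddress
from collections import deque

# Constructed passive-DNS history: domain -> IPs it has resolved to.
PDNS = {
    "update-check.example": ["203.0.113.10", "203.0.113.11"],
    "cdn-assets.example": ["203.0.113.11"],
    "sync-relay.example": ["198.51.100.5"],
    # 198.51.100.5 is a busy shared host with many unrelated tenants.
    "blog.example": ["198.51.100.5"],
    "shop.example": ["198.51.100.5"],
    "mail.example": ["198.51.100.5"],
    "news.example": ["198.51.100.5"],
    "wiki.example": ["198.51.100.5"],
}
# Constructed certificate data: one list of SANs per certificate.
CERTS = [
    ["cdn-assets.example", "sync-relay.example"],
]
# Constructed WHOIS registrant email per domain (absent = privacy-protected).
WHOIS = {
    "update-check.example": "ops@registrant.example",
    "sync-relay.example": "ops@registrant.example",
    "wiki.example": "someone-else@registrant.example",
}
# An IP with more co-hosted domains than this is treated as shared hosting
# and is recorded but not expanded further.
SHARED_HOSTING_THRESHOLD = 4


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def reverse_pdns(ip):
    """Domains that resolved to ip (the 'co-hosted domains' pivot)."""
    return sorted(d for d, ips in PDNS.items() if ip in ips)


def cert_peers(domain):
    """Other names on any certificate that lists domain as a SAN."""
    peers = set()
    for sans in CERTS:
        if domain in sans:
            peers.update(sans)
    peers.discard(domain)
    return sorted(peers)


def registrant_peers(domain):
    """Other domains registered with the same WHOIS email."""
    email = WHOIS.get(domain)
    if email is None:
        return []
    return sorted(d for d, e in WHOIS.items() if e == email and d != domain)


def pivot(seed, max_hops=2):
    """Expand from seed. Returns {indicator: (hops_from_seed, pivot_used)}."""
    seen = {seed: (0, "seed")}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        hops, how = seen[node]
        if hops >= max_hops:
            continue
        neighbours = []
        if is_ip(node):
            cohosted = reverse_pdns(node)
            if len(cohosted) > SHARED_HOSTING_THRESHOLD:
                seen[node] = (hops, how + " [shared hosting, not expanded]")
                continue
            neighbours += [(d, "pdns") for d in cohosted]
        else:
            neighbours += [(ip, "pdns") for ip in PDNS.get(node, [])]
            neighbours += [(d, "cert-san") for d in cert_peers(node)]
            neighbours += [(d, "whois") for d in registrant_peers(node)]
        for n, via in neighbours:
            if n not in seen:
                seen[n] = (hops + 1, via)
                queue.append(n)
    return seen


if __name__ == "__main__":
    result = pivot("203.0.113.10", max_hops=4)
    for ind, (hops, via) in sorted(result.items(), key=lambda kv: kv[1][0]):
        print(f"{hops}  {ind:24} via {via}")
```

With the sample data, `sync-relay.example` is reached in two hops through the shared registrant email, `cdn-assets.example` in three through the co-hosted IP, and `198.51.100.5` is flagged as shared hosting so its five unrelated tenants never enter the map. The hop count is worth keeping in the output: confidence drops with every pivot, and a two-hop WHOIS link deserves more scrutiny than a direct passive-DNS resolution.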
## Workflow 3: C2 Framework Hunting
```
[C2 Signature] --> [Shodan Search] --> [Candidate Servers] --> [Validation]
                                                                    |
                                                                    v
                                                            [JARM Fingerprint]
                                                                    |
                                                                    v
                                                            [Confirm C2 Type]
                                                                    |
                                                                    v
                                                            [Track Over Time]
```
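The "Validation" and "Confirm C2 Type" steps are where most false positives are removed. JARM fingerprints the TLS server stack, so a benign service built on the same library as a C2 framework produces the same hash, and a C2 sitting behind a redirector or CDN that terminates TLS presents the redirector's JARM instead of its own. The following is an added example, not code from the skill repository, that scores each candidate from a search against a framework signature and confirms a server only when the JARM match is corroborated by an independent signal. Every hash, certificate subject, header value and host is a constructed placeholder rather than a real framework's fingerprint; `Signature`, `Candidate`, `signals`, `classify` and `hunt` are names chosen for this example.

```python
"""Score candidate servers against a C2 framework signature and confirm
only those where JARM is corroborated by another signal. All values are
constructed placeholders, not real fingerprints."""
import re
from dataclasses import dataclass

JARM_RE = re.compile(r"^[0-9a-f]{62}$")  # JARM hashes are 62 lowercase hex chars


@dataclass(frozen=True)
class Signature:
    name: str
    jarm: str                 # JARM of the framework's default listener
    cert_subjects: frozenset  # subjects of the self-signed certs it ships with
    http_markers: dict        # response headers a default listener sets


@dataclass(frozen=True)
class Candidate:
    host: str
    port: int
    jarm: str
    cert_subject: str
    headers: dict


# Constructed placeholder signature; none of these values belong to a real framework.
SIG = Signature(
    name="ExampleC2",
    jarm="2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e327661c4fc44d8a00",
    cert_subjects=frozenset({"CN=ExampleC2 Default"}),
    http_markers={"server": "ExampleC2/1.0",
                  "content-type": "application/octet-stream"},
)


def signals(c, sig):
    """Independent pieces of evidence that candidate c runs framework sig."""
    found = []
    if JARM_RE.match(c.jarm) and c.jarm == sig.jarm:
        found.append("jarm")
    if c.cert_subject in sig.cert_subjects:
        found.append("default-cert")
    hdrs = {k.lower(): v for k, v in c.headers.items()}  # header names are case-insensitive
    if sig.http_markers and all(hdrs.get(k) == v for k, v in sig.http_markers.items()):
        found.append("http-markers")
    return found


def classify(c, sig):
    """confirmed: JARM plus at least one other signal.
    candidate: something matched but not enough to confirm.
    reject: nothing matched."""
    s = signals(c, sig)
    if "jarm" in s and len(s) >= 2:
        return "confirmed", s
    if s:
        return "candidate", s
    return "reject", s


def hunt(candidates, sig):
    return {f"{c.host}:{c.port}": classify(c, sig) for c in candidates}


# Constructed records standing in for the results of a Shodan search on SIG.jarm.
CANDIDATES = [
    # Default listener exposed directly: every signal agrees.
    Candidate("203.0.113.20", 443, SIG.jarm, "CN=ExampleC2 Default",
              {"Server": "ExampleC2/1.0", "Content-Type": "application/octet-stream"}),
    # Same TLS stack, unrelated service: JARM collides, nothing else matches.
    Candidate("203.0.113.21", 8443, SIG.jarm, "CN=api.legit.example", {"Server": "nginx"}),
    # Framework cert and headers but a different JARM, as seen through a TLS-terminating redirector.
    Candidate("203.0.113.22", 443, "00" * 31, "CN=ExampleC2 Default",
              {"Server": "ExampleC2/1.0", "Content-Type": "application/octet-stream"}),
    # Ordinary web server.
    Candidate("203.0.113.23", 443, "11" * 31, "CN=www.other.example", {"Server": "Apache"}),
]

if __name__ == "__main__":
    for endpoint, (verdict, evidence) in hunt(CANDIDATES, SIG).items():
        print(f"{endpoint:20} {verdict:10} {evidence}")
```

The two "candidate" verdicts are the interesting ones in practice: the JARM-only host needs a second look before it is added to tracking, and the host with framework cert and headers but a foreign JARM is a reason to look for a redirector in front of the real listener. Both belong on the "Track Over Time" list with their evidence recorded, not in the confirmed set.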
## Workflow 4: Continuous Monitoring
```
[Watchlist IPs/Domains] --> [Scheduled Scans] --> [Change Detection] --> [Alerts]
                                                          |
                                              +-----------+-----------+
                                              |           |           |
                                              v           v           v
                                         [New Port] [DNS Change] [New Cert]
                                              |           |           |
                                              v           v           v
                                       [Investigate] [Update TI]   [Share]
```
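Change detection is a diff between the previous scan of the watchlist and the current one, with each kind of difference routed to the action in the diagram. The following is an added example, not code from the skill repository, that performs that diff over two constructed snapshots and groups the resulting alerts by action. It also handles the first-scan edge case: an indicator that was just added to the watchlist has no baseline, so its initial observation is recorded rather than raised as an alert. The snapshot layout (`ports`, `dns`, `cert_sha256`) and the names `diff_snapshots` and `route` are this example's own; a real pipeline would fill the snapshots from Shodan/Censys, passive DNS and CT logs on a schedule.

```python
"""Diff two scheduled-scan snapshots of a watchlist and route each change to
the action the workflow assigns to it. Snapshots are constructed sample data."""

# Alert type -> action from the diagram. Baseline records carry no action.
ACTION_FOR = {"new_port": "investigate", "dns_change": "update_ti", "new_cert": "share"}


def _alert(indicator, kind, detail):
    return {"indicator": indicator, "type": kind,
            "action": ACTION_FOR.get(kind, "none"), "detail": detail}


def diff_snapshots(previous, current):
    """Return alert dicts for what changed between two scans.

    `dns` holds current resolutions (forward for a domain, reverse for an IP),
    `ports` the open ports seen, `cert_sha256` the leaf cert hash or None.
    An indicator seen for the first time yields a 'baseline' record only."""
    alerts = []
    for indicator in sorted(current):
        now = current[indicator]
        before = previous.get(indicator)
        if before is None:
            alerts.append(_alert(indicator, "baseline", "first observation, no comparison"))
            continue
        for port in sorted(set(now["ports"]) - set(before["ports"])):
            alerts.append(_alert(indicator, "new_port", f"port {port} opened"))
        if sorted(now["dns"]) != sorted(before["dns"]):
            alerts.append(_alert(indicator, "dns_change",
                                 f"{sorted(before['dns'])} -> {sorted(now['dns'])}"))
        if now.get("cert_sha256") and now["cert_sha256"] != before.get("cert_sha256"):
            alerts.append(_alert(indicator, "new_cert", f"cert {now['cert_sha256'][:12]}..."))
    return alerts


def route(alerts):
    """Group alerts by the action the workflow assigns to them."""
    queues = {}
    for a in alerts:
        queues.setdefault(a["action"], []).append(a)
    return queues


# Constructed snapshots: indicator -> {ports, dns, cert_sha256}.
PREV_SCAN = {
    "203.0.113.10": {"ports": {443}, "dns": ["update-check.example"], "cert_sha256": "a1" * 32},
    "update-check.example": {"ports": set(), "dns": ["203.0.113.10"], "cert_sha256": None},
}
CURR_SCAN = {
    # Operator opened a second listener and rotated the certificate.
    "203.0.113.10": {"ports": {443, 8443}, "dns": ["update-check.example"], "cert_sha256": "b2" * 32},
    # Domain moved to a new IP.
    "update-check.example": {"ports": set(), "dns": ["203.0.113.12"], "cert_sha256": None},
    # Newly added to the watchlist; no baseline yet.
    "198.51.100.7": {"ports": {80}, "dns": [], "cert_sha256": None},
}

if __name__ == "__main__":
    for action, items in route(diff_snapshots(PREV_SCAN, CURR_SCAN)).items():
        for a in items:
            print(f"{action:12} {a['indicator']:24} {a['type']:11} {a['detail']}")
```

The DNS move in the sample is the case that feeds back into the other workflows: the new IP `203.0.113.12` should go straight into the Workflow 1 pivot on the next run, and the "update TI" action is where that hand-off happens.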