Blue Team

Blue Team taxonomy generated by the site skill importer.

4 skills
detecting-lateral-movement-with-zeek

by mukul975

detecting-lateral-movement-with-zeek is a Zeek-based cybersecurity skill for threat hunting and incident response. It helps detect SMB admin share access, DCE/RPC service creation, NTLM spray, Kerberos anomalies, and suspicious internal transfers using Zeek logs such as conn.log, smb_mapping.log, smb_files.log, dce_rpc.log, ntlm.log, and kerberos.log.

Threat Hunting
detecting-rdp-brute-force-attacks

by mukul975

detecting-rdp-brute-force-attacks helps analyze Windows Security Event Logs for RDP brute force patterns, including repeated 4625 failures, 4624 success after failures, NLA-related logons, and source-IP concentration. Use it for Security Audit, threat hunting, and repeatable EVTX-based investigations.

Security Audit
detecting-t1003-credential-dumping-with-edr

by mukul975

detecting-t1003-credential-dumping-with-edr is a skill for threat hunting with EDR, Sysmon, and Windows event correlation to detect LSASS, SAM, NTDS.dit, LSA secrets, and cached credential dumping. Use it to validate alerts, scope incidents, and reduce false positives with practical workflow guidance.

Threat Hunting
detecting-container-escape-with-falco-rules

by mukul975

detecting-container-escape-with-falco-rules helps detect container escape attempts with Falco runtime security rules. It focuses on syscall signals, privileged containers, host-path abuse, validation, and incident response workflows for Kubernetes and Linux container environments.

Incident Response