Credential Theft

Credential Theft taxonomy generated by the site skill importer.

3 skills
detecting-t1003-credential-dumping-with-edr

by mukul975

detecting-t1003-credential-dumping-with-edr is a threat-hunting skill that correlates EDR, Sysmon, and Windows event data to detect LSASS, SAM, NTDS.dit, LSA secrets, and cached credential dumping. Use it to validate alerts, scope incidents, and reduce false positives with practical workflow guidance.

Threat Hunting
detecting-dcsync-attack-in-active-directory

by mukul975

detecting-dcsync-attack-in-active-directory is a threat-hunting skill for spotting DCSync abuse in Active Directory by correlating 4662 events, replication GUIDs, and legitimate DC accounts. Use it to confirm, triage, and document credential-theft activity with Splunk, KQL, and parsing scripts.

Threat Hunting
extracting-config-from-agent-tesla-rat

by mukul975

extracting-config-from-agent-tesla-rat is a malware-analysis skill for extracting the Agent Tesla .NET config, including its SMTP/FTP/Telegram credentials, keylogger settings, and C2 endpoints, with repeatable workflow guidance.

Malware Analysis