DNS

DNS taxonomy generated by the site skill importer.

6 skills
detecting-shadow-it-cloud-usage

by mukul975

detecting-shadow-it-cloud-usage helps identify unauthorized SaaS and cloud usage from proxy logs, DNS queries, and NetFlow. It classifies domains, compares them with approved lists, and supports security audit workflows with structured evidence from the detecting-shadow-it-cloud-usage skill guide.

Security Audit
Favorites 0, GitHub 6.2k
detecting-exfiltration-over-dns-with-zeek

by mukul975

detecting-exfiltration-over-dns-with-zeek helps detect DNS data exfiltration from Zeek dns.log by flagging high-entropy subdomains, long labels, and unusual query volume. Use this detecting-exfiltration-over-dns-with-zeek skill for threat hunting, triage, and repeatable analysis with Zeek field references and scripts.

Threat Hunting
Favorites 0, GitHub 0
detecting-command-and-control-over-dns

by mukul975

detecting-command-and-control-over-dns is a cybersecurity skill for spotting C2 over DNS, including tunneling, beaconing, DGA domains, and TXT/CNAME abuse. It supports SOC analysts, threat hunters, and security audits with entropy checks, passive DNS correlation, and Zeek or Suricata-style detection workflows.

Security Audit
Favorites 0, GitHub 0
conducting-external-reconnaissance-with-osint

by mukul975

conducting-external-reconnaissance-with-osint is a skill for passive external footprinting, attack surface mapping, and Security Audit prep using public sources like DNS, crt.sh, Shodan, GitHub, and leak data. Built for authorized reconnaissance with clear scope control, source separation, and practical findings.

Security Audit
Favorites 0, GitHub 0
analyzing-network-traffic-of-malware

by mukul975

analyzing-network-traffic-of-malware helps inspect PCAPs and telemetry from sandbox runs or incident response to find C2, exfiltration, payload downloads, DNS tunneling, and detection ideas. It is a practical analyzing-network-traffic-of-malware guide for Security Audit and malware triage.

Security Audit
Favorites 0, GitHub 0
analyzing-dns-logs-for-exfiltration

by mukul975

analyzing-dns-logs-for-exfiltration helps SOC analysts detect DNS tunneling, DGA-like domains, TXT abuse, and covert C2 patterns from SIEM or Zeek logs. Use it for Security Audit workflows when you need entropy analysis, query-volume anomalies, and practical triage guidance.

Security Audit
Favorites 0, GitHub 0