Exfiltration

Exfiltration taxonomy generated by the site skill importer.

3 skills
exploiting-excessive-data-exposure-in-api

by mukul975

exploiting-excessive-data-exposure-in-api helps security audit teams inspect API responses for over-shared fields, including PII, secrets, internal IDs, and debug data. It provides a focused workflow, reference patterns, and analyzer logic for comparing returned data against expected schema and roles.

Security Audit
detecting-exfiltration-over-dns-with-zeek

by mukul975

detecting-exfiltration-over-dns-with-zeek helps detect DNS data exfiltration from Zeek dns.log by flagging high-entropy subdomains, long labels, and unusual query volume. Use this detecting-exfiltration-over-dns-with-zeek skill for threat hunting, triage, and repeatable analysis with Zeek field references and scripts.

Threat Hunting
analyzing-dns-logs-for-exfiltration

by mukul975

analyzing-dns-logs-for-exfiltration helps SOC analysts detect DNS tunneling, DGA-like domains, TXT abuse, and covert C2 patterns from SIEM or Zeek logs. Use it for Security Audit workflows when you need entropy analysis, query-volume anomalies, and practical triage guidance.

Security Audit