Modbus

detecting-modbus-protocol-anomalies helps detect suspicious Modbus/TCP and Modbus RTU behavior in OT and ICS networks, including invalid function codes, out-of-range register access, abnormal polling timing, unauthorized writes, and malformed frames. Useful for a Security Audit and evidence-based triage.

detecting-modbus-command-injection-attacks helps security analysts spot suspicious Modbus TCP/RTU write activity, anomalous function codes, malformed frames, and baseline deviations in ICS and SCADA environments. Use it for incident triage, OT monitoring, and a Security Audit when you need Modbus-aware detection guidance, not a generic anomaly prompt.

The detecting-stuxnet-style-attacks skill helps defenders detect Stuxnet-like OT and ICS intrusion patterns, including PLC logic tampering, spoofed sensor data, engineering workstation compromise, and IT-to-OT lateral movement. Use it for threat hunting, incident triage, and process-integrity monitoring with protocol, host, and process evidence.