Phishing

Phishing taxonomy generated by the site skill importer.

8 skills
detecting-business-email-compromise

by mukul975

The detecting-business-email-compromise skill helps analysts, SOC teams, and incident responders identify BEC attempts using email-header checks, social-engineering clues, detection logic, and response-oriented workflows. Use it as a practical detecting-business-email-compromise guide for triage, validation, and containment.

Incident Response
Favorites 0 | GitHub 6.1k
building-phishing-reporting-button-workflow

by mukul975

The building-phishing-reporting-button-workflow skill helps you design a phishing report button workflow that preserves the original email, extracts IOCs, classifies reports, and routes triage and feedback for Microsoft 365 or similar email security setups.

Workflow Automation
Favorites 0 | GitHub 6.1k
analyzing-macro-malware-in-office-documents

by mukul975

analyzing-macro-malware-in-office-documents helps malware analysts inspect malicious VBA in Word, Excel, and PowerPoint files, decode obfuscation, and extract IOCs, execution paths, and payload staging logic for phishing triage, incident response, and document malware analysis.

Malware Analysis
Favorites 0 | GitHub 0
detecting-business-email-compromise-with-ai

by mukul975

Detect business email compromise with AI using NLP, stylometry, behavioral signals, and relationship context. This detecting-business-email-compromise-with-ai skill helps SOC, fraud, and Security Audit teams score suspicious emails, explain risk signals, and decide whether to quarantine, warn, or escalate.

Security Audit
Favorites 0 | GitHub 0
conducting-phishing-incident-response

by mukul975

The conducting-phishing-incident-response skill helps investigate suspicious emails, extract indicators, assess authentication, and recommend phishing response actions. It supports Incident Response workflows for message triage, credential-phishing cases, URL and attachment checks, and mailbox remediation. Use it when you need a structured guide instead of a generic prompt.

Incident Response
Favorites 0 | GitHub 0
analyzing-tls-certificate-transparency-logs

by mukul975

The analyzing-tls-certificate-transparency-logs skill helps security teams query Certificate Transparency data with crt.sh, pycrtsh, and related feeds to find suspicious TLS certificates, lookalike domains, typosquatting, and unauthorized issuance. It supports threat hunting, brand protection, and certificate monitoring with a practical workflow and similarity checks.

Threat Intelligence
Favorites 0 | GitHub 0
analyzing-malicious-url-with-urlscan

by mukul975

analyzing-malicious-url-with-urlscan helps analysts triage suspicious links with URLScan.io, inspect redirects, screenshots, DOM content, and network calls, and turn results into IOCs and a clear security decision. Use this guide for phishing response, URL analysis, and Security Audit workflows.

Security Audit
Favorites 0 | GitHub 0
analyzing-indicators-of-compromise

by mukul975

analyzing-indicators-of-compromise helps triage IOCs such as IPs, domains, URLs, file hashes, and email artifacts. It supports threat-intelligence workflows for enrichment, confidence scoring, and block/monitor/whitelist decisions using source-backed checks and clear analyst context.

Threat Intelligence
Favorites 0 | GitHub 0