Scada

detecting-modbus-protocol-anomalies helps detect suspicious Modbus/TCP and Modbus RTU behavior in OT and ICS networks, including invalid function codes, out-of-range register access, abnormal polling timing, unauthorized writes, and malformed frames. Useful for a Security Audit and evidence-based triage.

detecting-modbus-command-injection-attacks helps security analysts spot suspicious Modbus TCP/RTU write activity, anomalous function codes, malformed frames, and baseline deviations in ICS and SCADA environments. Use it for incident triage, OT monitoring, and a Security Audit when you need Modbus-aware detection guidance, not a generic anomaly prompt.

The detecting-stuxnet-style-attacks skill helps defenders detect Stuxnet-like OT and ICS intrusion patterns, including PLC logic tampering, spoofed sensor data, engineering workstation compromise, and IT-to-OT lateral movement. Use it for threat hunting, incident triage, and process-integrity monitoring with protocol, host, and process evidence.

detecting-dnp3-protocol-anomalies helps analyze DNP3 traffic in SCADA environments to flag unauthorized control commands, protocol violations, restart attempts, and deviations from baseline behavior. Use this detecting-dnp3-protocol-anomalies skill for Security Audit, IDS tuning, and reviewing Zeek logs or packet captures.

detecting-attacks-on-scada-systems is a cybersecurity skill for spotting attacks on SCADA and OT/ICS environments. It helps analyze industrial protocol abuse, unauthorized PLC commands, HMI compromise, historian tampering, and denial-of-service, with practical guidance for incident response and detection validation.