Threat Intelligence

Threat Intelligence taxonomy generated by the site skill importer.

12 skills
analyzing-campaign-attribution-evidence

by mukul975

analyzing-campaign-attribution-evidence helps analysts weigh infrastructure overlap, ATT&CK consistency, malware similarity, timing, and language artifacts for defensible campaign attribution. Use this analyzing-campaign-attribution-evidence guide for CTI, incident analysis, and Security Audit reviews.

Security Audit
analyzing-azure-activity-logs-for-threats

by mukul975

The analyzing-azure-activity-logs-for-threats skill queries Azure Monitor activity logs and sign-in logs to spot suspicious admin actions, impossible travel, privilege escalation, and resource tampering. It is built for incident triage with KQL patterns, an execution path, and practical Azure log table guidance.

Incident Triage
analyzing-apt-group-with-mitre-navigator

by mukul975

analyzing-apt-group-with-mitre-navigator helps analysts map APT group techniques into MITRE ATT&CK Navigator layers for detection gap analysis, threat modeling, and repeatable threat intelligence workflows. It includes practical guidance for ATT&CK data lookup, layer generation, and comparing adversary TTP coverage.

Threat Modeling
detecting-cloud-threats-with-guardduty

by mukul975

detecting-cloud-threats-with-guardduty guides AWS teams through enabling Amazon GuardDuty, reviewing findings, and building automated response for cloud threats across accounts and workloads. It is useful for GuardDuty install, usage, and day-two operations in Cloud Architecture.

Cloud Architecture
detecting-aws-cloudtrail-anomalies

by mukul975

detecting-aws-cloudtrail-anomalies helps analyze AWS CloudTrail activity for unusual API sources, first-time actions, high-frequency calls, and suspicious behavior tied to credential compromise or privilege escalation. Use it for structured anomaly detection with boto3, baselining, and event-field analysis.

Anomaly Detection
conducting-phishing-incident-response

by mukul975

The conducting-phishing-incident-response skill helps investigate suspicious emails, extract indicators, assess authentication, and recommend phishing response actions. It supports Incident Response workflows for message triage, credential-phishing cases, URL and attachment checks, and mailbox remediation. Use it when you need a structured guide instead of a generic prompt.

Incident Response
conducting-malware-incident-response

by mukul975

conducting-malware-incident-response helps IR teams triage suspected malware, confirm infections, scope spread, contain endpoints, and support eradication and recovery. It is designed for Incident Response workflows with evidence-backed steps, telemetry-driven decisions, and practical containment guidance.

Incident Response
collecting-threat-intelligence-with-misp

by mukul975

The collecting-threat-intelligence-with-misp skill helps you collect, normalize, search, and export threat intelligence in MISP. Use this guide for feeds, PyMISP workflows, event filtering, warninglist reduction, and practical MISP collection for Threat Modeling and CTI operations.

Threat Modeling
building-threat-intelligence-platform

by mukul975

The building-threat-intelligence-platform skill covers designing, deploying, and reviewing a threat intelligence platform with MISP, OpenCTI, TheHive, Cortex, STIX/TAXII, and Elasticsearch. Use it for installation guidance, usage workflows, and Security Audit planning backed by repository references and scripts.

Security Audit
automating-ioc-enrichment

by mukul975

automating-ioc-enrichment helps automate IOC enrichment with VirusTotal, AbuseIPDB, Shodan, and STIX 2.1 for SOAR playbooks, Python pipelines, and Workflow Automation. Use this automating-ioc-enrichment skill to standardize analyst-ready context, reduce triage time, and shape repeatable enrichment outputs.

Workflow Automation
analyzing-threat-intelligence-feeds

by mukul975

analyzing-threat-intelligence-feeds helps you ingest CTI feeds, normalize indicators, assess feed quality, and enrich IOCs for STIX 2.1 workflows. This skill is built for threat intel operations and Data Analysis, with practical guidance for TAXII, MISP, and commercial feeds.

Data Analysis
analyzing-persistence-mechanisms-in-linux

by mukul975

The analyzing-persistence-mechanisms-in-linux skill helps investigate Linux persistence after compromise, including crontab jobs, systemd units, LD_PRELOAD abuse, shell profile changes, and SSH authorized_keys backdoors. It is designed for incident response, threat hunting, and security audit workflows with auditd and file-integrity checks.

Security Audit