GitHub
Skills harvested from GitHub repositories
14810 skills available
analyzing-malware-sandbox-evasion-techniques
Sandbox evasion (MITRE ATT&CK T1497) allows malware to detect analysis environments and alter behavior to avoid detectio...
analyzing-malware-behavior-with-cuckoo-sandbox
A suspicious sample passed static analysis triage and requires behavioral observation in a controlled environment. You ne...
analyzing-malicious-url-with-urlscan
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP tran...
analyzing-lnk-file-and-jump-list-artifacts
Windows LNK (shortcut) files and Jump Lists are critical forensic artifacts that provide evidence of file access, progra...
analyzing-linux-kernel-rootkits
Linux kernel rootkits operate at ring 0, modifying kernel data structures to hide processes, files, network connections,...
analyzing-linux-elf-malware
A Linux server or container has been compromised and suspicious ELF binaries are found. Analyzing Linux botnets (Mirai, G...
analyzing-linux-audit-logs-for-intrusion
Investigating suspected unauthorized access or privilege escalation on Linux hosts. Hunting for evidence of exploitation,...
analyzing-ios-app-security-with-objection
Use this skill when: Performing runtime security assessment of iOS applications during authorized penetration tests. Insp...
analyzing-ethereum-smart-contract-vulnerabilities
Smart contract vulnerabilities have led to billions of dollars in losses across DeFi protocols. Unlike traditional softw...
analyzing-email-headers-for-phishing-investigation
When investigating a suspected phishing email to determine its true origin. For verifying sender authenticity and detecti...
analyzing-dns-logs-for-exfiltration
Use this skill when: SOC teams suspect data exfiltration through DNS tunneling to bypass firewall/proxy controls. Threat ...
analyzing-disk-image-with-autopsy
When you have a forensic disk image and need structured analysis of its contents. During investigations requiring file re...
analyzing-cobalt-strike-beacon-configuration
Cobalt Strike is a commercial adversary simulation tool widely abused by threat actors for post-exploitation operations....
analyzing-cloud-storage-access-patterns
When investigating security incidents that require analyzing cloud storage access patterns. When building detection rules...
analyzing-campaign-attribution-evidence
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is re...
analyzing-bootkit-and-rootkit-samples
A system shows signs of compromise that persist through OS reinstallation. Antivirus and EDR are unable to detect malware...
analyzing-apt-group-with-mitre-navigator
MITRE ATT&CK Navigator is a web-based tool for annotating and exploring ATT&CK matrices, enabling analysts to visualize ...
analyzing-api-gateway-access-logs
When investigating security incidents that require analyzing API gateway access logs. When building detection rules or th...
analyzing-android-malware-with-apktool
Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadc...
hunting-for-data-exfiltration-indicators
When hunting for data theft in compromised environments. After detecting unusual outbound data volumes or patterns. When i...
conducting-external-reconnaissance-with-osint
Performing the initial reconnaissance phase of a penetration test to gather intelligence before active scanning. Mapping ...
building-role-mining-for-rbac-optimization
Role mining is the process of analyzing existing user-permission assignments to discover optimal roles for a Role-Based ...
implementing-cloud-waf-rules
When deploying new web applications or APIs behind cloud load balancers requiring OWASP protection. When application pene...
building-phishing-reporting-button-workflow
A phishing reporting button empowers users to flag suspicious emails directly from their email client, creating a critic...