implementing-secret-scanning-with-gitleaks
When developers may accidentally commit API keys, passwords, tokens, or private keys to repositories When establishing pre-commit gates that prevent s...
analyzing-cyber-kill-chain
Use this skill when: Conducting post-incident analysis to determine how far an adversary progressed through an attack sequence Designing layered defen...
hunting-for-living-off-the-land-binaries
When investigating fileless malware campaigns that bypass traditional AV During proactive threat hunts targeting defense evasion techniques When EDR a...
auditing-cloud-with-cis-benchmarks
When performing initial security audits of cloud environments against industry-standard benchmarks When preparing for SOC 2, ISO 27001, or regulatory ...
performing-network-traffic-analysis-with-tshark
This skill automates packet capture analysis using tshark (Wireshark CLI) and pyshark (Python wrapper). It extracts protocol distribution statistics, ...
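As an added example (not the skill's own code), the protocol-distribution step can be reproduced by driving tshark in `-T fields` mode and summarising the tab-separated output in Python. The sample output below is constructed to match that format, so the summary runs offline; `run_tshark` assumes a tshark binary on PATH and is only used when a pcap path is supplied.

```python
"""Protocol-distribution summary from tshark '-T fields' output (added example)."""
from collections import Counter
import subprocess

# Fields requested from tshark. frame.protocols is the dissected layer chain
# of each frame, e.g. "eth:ethertype:ip:tcp:tls"; its last element is the
# highest-layer protocol Wireshark recognised.
TSHARK_FIELDS = ["frame.protocols", "ip.src", "ip.dst", "frame.len"]


def tshark_command(pcap_path, display_filter=None):
    """Build the tshark invocation that emits one tab-separated line per frame."""
    cmd = ["tshark", "-r", pcap_path, "-T", "fields", "-E", "separator=/t"]
    for field in TSHARK_FIELDS:
        cmd += ["-e", field]
    if display_filter:  # Wireshark display filter, e.g. "ip.addr == 10.0.0.5"
        cmd += ["-Y", display_filter]
    return cmd


def run_tshark(pcap_path, display_filter=None):
    """Run tshark (assumed to be on PATH) and return its output lines."""
    proc = subprocess.run(tshark_command(pcap_path, display_filter),
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def parse_field_lines(lines):
    """Turn '-T fields' lines into dicts; non-IP frames have empty ip.* columns."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        parts = line.split("\t")
        # tolerate trailing columns lost when output was copied around
        parts += [""] * (len(TSHARK_FIELDS) - len(parts))
        records.append(dict(zip(TSHARK_FIELDS, parts)))
    return records


def protocol_distribution(records):
    """Packet and byte counts keyed by the highest dissected protocol."""
    packets, octets = Counter(), Counter()
    for rec in records:
        chain = [p for p in rec["frame.protocols"].split(":") if p]
        top = chain[-1] if chain else "unknown"
        packets[top] += 1
        octets[top] += int(rec["frame.len"] or 0)
    return packets, octets


def top_talkers(records, n=3):
    """Source IPs ranked by bytes sent (frame.len summed per ip.src)."""
    sent = Counter()
    for rec in records:
        if rec["ip.src"]:
            sent[rec["ip.src"]] += int(rec["frame.len"] or 0)
    return sent.most_common(n)


# Constructed sample in the exact shape 'tshark -T fields -E separator=/t'
# produces for the fields above; not captured from a real network.
SAMPLE_TSHARK_OUTPUT = "\n".join([
    "eth:ethertype:ip:tcp:tls\t10.0.0.5\t93.184.216.34\t1514",
    "eth:ethertype:ip:tcp:tls\t93.184.216.34\t10.0.0.5\t66",
    "eth:ethertype:ip:udp:dns\t10.0.0.5\t10.0.0.1\t74",
    "eth:ethertype:ip:udp:dns\t10.0.0.1\t10.0.0.5\t90",
    "eth:ethertype:arp\t\t\t42",
    "eth:ethertype:ip:tcp:http\t10.0.0.7\t198.51.100.9\t512",
])


def summarise(lines):
    """Full summary: per-protocol packet/byte counts plus top talkers."""
    records = parse_field_lines(lines)
    packets, octets = protocol_distribution(records)
    return {"packets": dict(packets), "bytes": dict(octets),
            "top_talkers": top_talkers(records)}


if __name__ == "__main__":
    import json
    import sys
    lines = run_tshark(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TSHARK_OUTPUT.splitlines()
    print(json.dumps(summarise(lines), indent=2))
```

Keying the distribution on the last element of `frame.protocols` is what makes a TLS session show up as `tls` rather than `tcp`; if you want the transport view instead, take the element after `ip` in the chain.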
analyzing-windows-amcache-artifacts
Determining which programs have existed or executed on a Windows system during incident response Correlating SHA-1 hashes from Amcache against known m...
analyzing-windows-prefetch-with-python
Windows Prefetch files (.pf) record application execution data including executable names, run counts, timestamps, loaded DLLs, and accessed directori...
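An added example of pulling the execution evidence listed above (executable name, prefetch hash, run count, last-run timestamps) out of a .pf header in Python. This is not the skill's own code. The field offsets are an assumption taken from the libscca format documentation for format versions 23 (Windows 7) and 26 (Windows 8.x); version 30 files from Windows 10/11 are MAM-compressed and are rejected here rather than decompressed. The sample file is constructed in `build_sample_prefetch` with an arbitrary hash value.

```python
"""Windows Prefetch (.pf) header parser (added example; offsets are an assumed layout)."""
import struct
from datetime import datetime, timedelta, timezone

SIGNATURE = b"SCCA"
# Version-dependent offsets, assumed from the libscca format documentation.
# Version 23 keeps one last-run FILETIME; version 26 keeps the last eight.
LAYOUT = {
    23: {"last_run_offset": 0x80, "last_run_slots": 1, "run_count_offset": 0x98},
    26: {"last_run_offset": 0x80, "last_run_slots": 8, "run_count_offset": 0xD0},
}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; zero means 'never'."""
    if filetime == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)


def is_mam_compressed(data):
    """Windows 10+ prefetch files start with 'MAM' and are LZXPRESS-Huffman compressed."""
    return data[:3] == b"MAM"


def parse_prefetch(data):
    """Return the triage-relevant header fields of an uncompressed .pf file."""
    if is_mam_compressed(data):
        raise ValueError("compressed prefetch: decompress (e.g. RtlDecompressBufferEx) first")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != SIGNATURE:
        raise ValueError("missing SCCA signature")
    layout = LAYOUT.get(version)
    if layout is None:
        raise ValueError(f"unsupported prefetch version {version}")
    # executable name: 60 bytes of UTF-16LE at 0x10, NUL terminated
    exe_name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    prefetch_hash = struct.unpack_from("<I", data, 0x4C)[0]
    run_count = struct.unpack_from("<I", data, layout["run_count_offset"])[0]
    ticks = struct.unpack_from("<%dQ" % layout["last_run_slots"], data, layout["last_run_offset"])
    return {
        "version": version,
        "executable": exe_name,
        "hash": f"{prefetch_hash:08X}",
        # on disk the file should be EXE-HASH.pf; a mismatch means it was renamed or tampered with
        "expected_filename": f"{exe_name}-{prefetch_hash:08X}.pf",
        "run_count": run_count,
        "last_runs": [filetime_to_datetime(t) for t in ticks if t],
    }


def build_sample_prefetch(version, exe_name="CMD.EXE", run_count=17, last_run_unix=(1700000000,)):
    """Constructed .pf header for testing (not a real file); 0x1234ABCD is an arbitrary hash."""
    layout = LAYOUT[version]
    buf = bytearray(0x100)
    struct.pack_into("<I4s", buf, 0, version, SIGNATURE)
    struct.pack_into("<I", buf, 0x0C, len(buf))
    buf[0x10:0x10 + 60] = exe_name.encode("utf-16-le").ljust(60, b"\x00")
    struct.pack_into("<I", buf, 0x4C, 0x1234ABCD)
    struct.pack_into("<I", buf, layout["run_count_offset"], run_count)
    for slot, unix in enumerate(last_run_unix[:layout["last_run_slots"]]):
        filetime = (unix + 11644473600) * 10_000_000  # Unix epoch -> FILETIME
        struct.pack_into("<Q", buf, layout["last_run_offset"] + 8 * slot, filetime)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_prefetch(26, last_run_unix=(1700000000, 1699990000))
    print(parse_prefetch(data))
```

When running this against real evidence, compare `expected_filename` with the actual file name and treat `version` as a hint to the source OS; on Windows 10/11 you will hit the MAM check and need to decompress the file (or use a library such as libscca) before the header offsets apply.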
auditing-azure-active-directory-configuration
When performing a security assessment of an Azure tenant's identity configuration When compliance audits require review of authentication policies, MF...
analyzing-powershell-script-block-logging
When investigating security incidents that require analyzing powershell script block logging When building detection rules or threat hunting queries f...
analyzing-ransomware-leak-site-intelligence
Ransomware groups operating under double-extortion models maintain data leak sites (DLS) on Tor hidden services where they post victim names, stolen d...
analyzing-ransomware-network-indicators
Before and during ransomware execution, adversaries establish C2 channels, exfiltrate data, and download encryption keys. This skill analyzes Zeek con...
analyzing-network-traffic-for-incidents
SIEM alerts on anomalous network traffic patterns requiring deeper investigation C2 beaconing is suspected and needs confirmation through packet-level...
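The Zeek conn.log analysis mentioned for ransomware network indicators and the C2 beaconing confirmation mentioned here can both be demonstrated with one added example (not code from either skill). It parses conn.log by its `#fields` header, flags destinations contacted at near-constant intervals (beaconing) and source/destination pairs that push far more bytes out than they receive (staging or exfiltration). The conn.log below is constructed and trimmed to the columns used; the thresholds are tuning assumptions.

```python
"""Beaconing and bulk-outbound detection over Zeek conn.log (added example)."""
from collections import defaultdict
from statistics import mean, pstdev


def parse_conn_log(text):
    """Yield one dict per connection; column names come from the #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log has data before its #fields header")
        yield dict(zip(fields, line.split("\t")))


def _count(value):
    """Zeek writes '-' for unset count fields; treat those as absent."""
    return None if value in ("-", "(empty)", "") else int(value)


def find_beacons(records, min_conns=5, max_cv=0.15):
    """Flag (orig, resp, port) tuples whose inter-connection gaps are near-constant.

    Regularity is the coefficient of variation (stdev/mean) of the gaps: timer-driven
    check-ins score low, human browsing high. Jittered implants raise the CV, so
    max_cv is a tuning knob (assumed value), not a fixed threshold.
    """
    stamps = defaultdict(list)
    for rec in records:
        key = (rec["id.orig_h"], rec["id.resp_h"], int(rec["id.resp_p"]))
        stamps[key].append(float(rec["ts"]))
    hits = []
    for (orig, resp, port), times in stamps.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            hits.append({"orig": orig, "resp": resp, "port": port, "connections": len(times),
                         "period_s": round(period, 1), "cv": round(cv, 3)})
    return hits


def find_bulk_outbound(records, min_bytes=10_000_000, min_ratio=5.0):
    """Flag source/destination pairs sending >= min_bytes with a lopsided out:in ratio."""
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        out = _count(rec["orig_bytes"])
        if out is None:  # S0/REJ style connections carry no payload counters
            continue
        pair = totals[(rec["id.orig_h"], rec["id.resp_h"])]
        pair[0] += out
        pair[1] += _count(rec["resp_bytes"]) or 0
    return [{"orig": o, "resp": r, "orig_bytes": out, "resp_bytes": back}
            for (o, r), (out, back) in totals.items()
            if out >= min_bytes and out >= min_ratio * max(back, 1)]


def _row(*cols):
    return "\t".join(str(c) for c in cols)


# Constructed conn.log, not from a real network. Trimmed to the columns the
# functions use; real conn.log rows carry more columns, which are ignored.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    _row("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
         "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"),
    # 10.0.0.5 checks in with 203.0.113.10:443 roughly every 60 s
    _row(1700000000.0, "CBeac1", "10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "ssl", 0.5, 412, 1300, "SF"),
    _row(1700000060.0, "CBeac2", "10.0.0.5", 51001, "203.0.113.10", 443, "tcp", "ssl", 0.4, 410, 1290, "SF"),
    _row(1700000121.0, "CBeac3", "10.0.0.5", 51002, "203.0.113.10", 443, "tcp", "ssl", 0.5, 408, 1310, "SF"),
    _row(1700000180.0, "CBeac4", "10.0.0.5", 51003, "203.0.113.10", 443, "tcp", "ssl", 0.4, 415, 1295, "SF"),
    _row(1700000240.0, "CBeac5", "10.0.0.5", 51004, "203.0.113.10", 443, "tcp", "ssl", 0.5, 411, 1300, "SF"),
    _row(1700000300.0, "CBeac6", "10.0.0.5", 51005, "203.0.113.10", 443, "tcp", "ssl", 0.4, 409, 1305, "SF"),
    # 10.0.0.8 pushes about 55 MB to 198.51.100.20 across two long sessions
    _row(1700000010.0, "CExf1", "10.0.0.8", 52000, "198.51.100.20", 443, "tcp", "ssl", 900.0, 30000000, 5000, "SF"),
    _row(1700001000.0, "CExf2", "10.0.0.8", 52001, "198.51.100.20", 443, "tcp", "ssl", 700.0, 25000000, 4000, "SF"),
    # background noise, including a half-open connection with unset counters
    _row(1700000005.0, "CDns1", "10.0.0.5", 53122, "10.0.0.1", 53, "udp", "dns", 0.01, 60, 120, "SF"),
    _row(1700000300.5, "CWeb1", "10.0.0.9", 40000, "93.184.216.34", 80, "tcp", "http", 1.2, 500, 20000, "SF"),
    _row(1700000400.0, "CHalf1", "10.0.0.9", 40001, "93.184.216.34", 443, "tcp", "-", "-", "-", "-", "S0"),
])


def analyse(text):
    """Run both detections over one conn.log body."""
    records = list(parse_conn_log(text))
    return {"beacons": find_beacons(records), "bulk_outbound": find_bulk_outbound(records)}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONN_LOG
    print(analyse(text))
```

On a real conn.log the interval statistic is only meaningful over a window long enough to hold several check-ins, so run `find_beacons` per day rather than over a multi-week log, and confirm a hit at packet level (as this skill describes) before treating it as C2: CDNs, update agents and monitoring probes also poll on timers.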