analyzing-network-traffic-of-malware
Sandbox execution has captured a PCAP file and the network behavior needs detailed analysis; Identifying the C2 protocol structure for writing network ...
analyzing-ransomware-payment-wallets
An organization has been hit by ransomware and the ransom note contains a Bitcoin or cryptocurrency wallet address that needs investigation; Law enforc...
analyzing-threat-intelligence-feeds
Use this skill when: Ingesting new commercial or OSINT threat feeds and assessing their signal-to-noise ratio; Normalizing heterogeneous IOC formats (S...
analyzing-typosquatting-domains-with-dnstwist
DNSTwist is a domain name permutation engine that generates similar-looking domain names to detect typosquatting, homograph phishing attacks, and bran...
analyzing-uefi-bootkit-persistence
A compromised system re-establishes C2 communication after OS reinstallation or disk replacement; Secure Boot has been tampered with, disabled, or show...
analyzing-usb-device-connection-history
When investigating potential data exfiltration via removable storage devices; During insider threat investigations to track USB device usage; For compli...
analyzing-memory-forensics-with-lime-and-volatility
When investigating security incidents that require analyzing memory forensics with LiME and Volatility; When building detection rules or threat hunting...
analyzing-network-covert-channels-in-malware
Malware uses covert channels to disguise C2 communication and data exfiltration within legitimate-looking network traffic. DNS tunneling encodes data ...
analyzing-network-flow-data-with-netflow
When investigating security incidents that require analyzing network flow data with NetFlow; When building detection rules or threat hunting queries fo...
analyzing-network-packets-with-scapy
Scapy is a Python packet manipulation library that enables crafting, sending, sniffing, and dissecting network packets at granular protocol layers. Th...
analyzing-malicious-url-with-urlscan
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior,...
analyzing-malware-behavior-with-cuckoo-sandbox
A suspicious sample passed static analysis triage and requires behavioral observation in a controlled environment; You need to capture network traffic,...