detecting-oauth-token-theft
detecting-pass-the-hash-attacks
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.
detecting-pass-the-ticket-attacks
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM
detecting-port-scanning-with-fail2ban
detecting-privilege-escalation-attempts
Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.
detecting-privilege-escalation-in-kubernetes-pods
Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and syscall patterns with Falco and OPA policies.
detecting-process-injection-techniques
detecting-qr-code-phishing-with-email-security
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
detecting-rdp-brute-force-attacks
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.
detecting-rootkit-activity
detecting-s3-data-exfiltration-attempts
detecting-serverless-function-injection
detecting-service-account-abuse
Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement, and unauthorized access patterns.
detecting-shadow-api-endpoints
Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.
detecting-shadow-it-cloud-usage
Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.
detecting-spearphishing-with-email-gateway
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,
detecting-sql-injection-via-waf-logs
detecting-stuxnet-style-attacks
detecting-supply-chain-attacks-in-ci-cd
detecting-suspicious-oauth-application-consent
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
detecting-suspicious-powershell-execution
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.
detecting-t1003-credential-dumping-with-edr
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.
detecting-t1055-process-injection-with-sysmon
Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection by analyzing Sysmon events for cross-process memory operations, remote thread creation, and anomalous DLL loading patterns.
detecting-t1548-abuse-elevation-control-mechanism
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.
detecting-typosquatting-packages-in-npm-pypi
detecting-wmi-persistence
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.
developer-growth-analysis
Analyzes your recent Claude Code chat history to identify coding patterns,
differential-review
Security-focused code review of diffs and pull requests using Trail of Bits expertise.
flix-datalog
Flix-based Datalog reasoning with lattice semantics and GF(3) coloring. Use for declarative rule-based routing, lattice fixed-point computation, and skill composition with derangement properties.
flow
One-parameter group of diffeomorphisms generated by vector field
flowglad-integration
Zero-webhook billing for AI agents
flox-mcp
MCP server wrapper for flox CLI operations - environment management via JSON-RPC
flox
Reproducible development environments powered by Nix.
fnox-secrets
fnox Secrets Management Skill
fokker-planck-analyzer
Layer 5: Convergence to Equilibrium Analysis
forester
Jon Sterling's forester tool for tending mathematical forests — syntax, escaping, verbatim, tree files, skill2tree conversion
fp-check
Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
frustration-eradication
Frustration Eradication Skill
fswatch-duckdb
FileSystemWatcher over /tmp with DuckDB/DuckLake persistence. Auto-starts on Amp sessions for resilient file monitoring with temporal queries.
fuzzing-dictionary
Building effective fuzzing dictionaries for improved fuzzer performance.
fuzzing-obstacles
Overcoming fuzzing obstacles and improving fuzzer effectiveness.
gap-language
GAP (Groups, Algorithms, Programming) system integration for computational discrete algebra. Generates group-theoretic structures, character tables, and algebraic objects for the Plurigrid ecosystem.
gay-fokker-planck-staging
Two Fokker-Plancks per staging gate, conditioned on (rama OR goblins)
gay-integration
Gay.jl integration for bisimulation games with proper hue-based trit derivation and GF(3) conservation
gay-julia
Wide-gamut color sampling with splittable determinism using Pigeons.jl
gay-monte-carlo
Gay Monte Carlo Measurements
generating-threat-intelligence-reports
geodesic-manifold
Geodesic Manifold Skill
geohash-coloring
Geohash Coloring Skill
gestalt-hacking
Gestalt Hacking Skill (ERGODIC 0)