extracting-browser-history-artifacts
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.
extracting-config-from-agent-tesla-rat
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials, keylogger settings, and C2 endpoints using .NET decompilation and memory analysis.
extracting-credentials-from-memory-dump
Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic investigation.
extracting-iocs-from-malware-samples
>
extracting-memory-artifacts-with-rekall
>
extracting-windows-event-logs-artifacts
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
fasttime-mcp
Maximum velocity MCP execution via geodesic untangling. Maoist self-criticism for why slowtime was ever necessary. Topological cybernetic feedback for ongoing tour discovery.
ffmpeg-media
FFmpeg media processing. Video/audio transcoding, stream manipulation, and filter graphs.
ffmpeg
Media processing (10 man pages).
file-organizer
Intelligently organizes your files and folders across your computer by
finder-color-walk
Finder Color Walk Skill
fix-review
Review security fixes and patches for completeness and correctness.
detecting-arp-poisoning-in-network-traffic
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.
detecting-attacks-on-historian-servers
>
detecting-attacks-on-scada-systems
>
detecting-aws-cloudtrail-anomalies
Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.
detecting-aws-credential-exposure-with-trufflehog
>
detecting-aws-guardduty-findings-automation
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.
detecting-aws-iam-privilege-escalation
Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations
detecting-azure-lateral-movement
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.
detecting-azure-service-principal-abuse
Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.
detecting-azure-storage-account-misconfigurations
Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.
detecting-beaconing-patterns-with-zeek
>
detecting-bluetooth-low-energy-attacks
>
detecting-broken-object-property-level-authorization
Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment attacks.
detecting-business-email-compromise-with-ai
Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing style, behavioral patterns, and contextual anomalies that evade traditional rule-based filters.
detecting-business-email-compromise
Business Email Compromise (BEC) is a sophisticated fraud scheme where attackers impersonate executives, vendors, or trusted partners to trick employees into transferring funds, sharing sensitive data,
detecting-cloud-threats-with-guardduty
>
detecting-command-and-control-over-dns
>
detecting-compromised-cloud-credentials
>
detecting-container-drift-at-runtime
Detect unauthorized modifications to running containers by monitoring for binary execution drift, file system changes, and configuration deviations from the original container image.
detecting-kerberoasting-attacks
Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs for offline password cracking.
detecting-container-escape-attempts
Container escape is a critical attack technique where an adversary breaks out of container isolation to access the host system or other containers. Detection involves monitoring for escape indicators
detecting-container-escape-with-falco-rules
Detect container escape attempts in real-time using Falco runtime security rules that monitor syscalls, file access, and privilege escalation.
detecting-credential-dumping-techniques
Detect LSASS credential dumping, SAM database extraction, and NTDS.dit theft using Sysmon Event ID 10, Windows Security logs, and SIEM correlation rules
detecting-cryptomining-in-cloud
>
detecting-dcsync-attack-in-active-directory
Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.
detecting-deepfake-audio-in-vishing-attacks
>
detecting-dll-sideloading-attacks
Detect DLL side-loading attacks where adversaries place malicious DLLs alongside legitimate applications to hijack execution flow for defense evasion.
detecting-dnp3-protocol-anomalies
>
detecting-dns-exfiltration-with-dns-query-analysis
Detect data exfiltration through DNS tunneling by analyzing query entropy, subdomain length, query volume, TXT record abuse, and response payload sizes using passive DNS monitoring.
detecting-email-account-compromise
Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.
detecting-email-forwarding-rules-attack
Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.
detecting-evasion-techniques-in-endpoint-logs
>
detecting-exfiltration-over-dns-with-zeek
Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns
detecting-fileless-attacks-on-endpoints
>
detecting-api-enumeration-attacks
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.
hunting-for-scheduled-task-persistence
Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.
hunting-for-registry-run-key-persistence
Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.
hunting-for-registry-persistence-mechanisms
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.
Page 854 of 1486 · 74266 results
