hunting-for-dns-tunneling-with-zeek
Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.
hunting-for-dns-based-persistence
Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.
hunting-for-defense-evasion-via-timestomping
hunting-for-dcsync-attacks
Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.
hunting-for-dcom-lateral-movement
hunting-for-data-staging-before-exfiltration
Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry.
hunting-for-data-exfiltration-indicators
Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.
hunting-for-command-and-control-beaconing
Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation to identify compromised endpoints communicating with adversary infrastructure.
hunting-for-cobalt-strike-beacons
Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
hunting-for-beaconing-with-frequency-analysis
Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.
hunting-for-anomalous-powershell-execution
hunting-credential-stuffing-attacks
hunting-advanced-persistent-threats
hopf
Bifurcation creating limit cycle from equilibrium
hoot
Scheme→WebAssembly compiler (4K lines info).
homoiconic-rewriting
Unified homoiconic graph rewriting - λ-calculus, interaction nets, ACSets, CUDA parallelism
holes
Narya interactive proof development with typed holes
hatchery-index
Index of 1057 hatchery repos with GAY.md color assignments. Maps plurigrid/bmorphism/TeglonLabs ecosystem to skills.
haskell-diagrams
haskell-diagrams - Declarative Vector Graphics with Diagrams DSL
fix-review
Review security fixes and patches for completeness and correctness.
finder-color-walk
Finder Color Walk Skill
file-organizer
Intelligently organizes your files and folders across your computer by
ffmpeg
Media processing (10 man pages).
ffmpeg-media
FFmpeg media processing. Video/audio transcoding, stream manipulation, and filter graphs.
fasttime-mcp
Maximum velocity MCP execution via geodesic untangling. Maoist self-criticism for why slowtime was ever necessary. Topological cybernetic feedback for ongoing tour discovery.
extracting-windows-event-logs-artifacts
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
extracting-memory-artifacts-with-rekall
extracting-iocs-from-malware-samples
extracting-credentials-from-memory-dump
Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic investigation.
extracting-config-from-agent-tesla-rat
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials, keylogger settings, and C2 endpoints using .NET decompilation and memory analysis.
extracting-browser-history-artifacts
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.
exploiting-zerologon-vulnerability-cve-2020-1472
Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.
exploiting-websocket-vulnerabilities
Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.
exploiting-vulnerabilities-with-metasploit-framework
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules
detecting-lateral-movement-in-network
conducting-api-security-testing
conducting-cloud-penetration-testing
conducting-domain-persistence-with-dcsync
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.
conducting-external-reconnaissance-with-osint
conducting-full-scope-red-team-engagement
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.
conducting-internal-network-penetration-test
Execute an internal network penetration test simulating an insider threat or post-breach attacker to identify lateral movement paths, privilege escalation vectors, and sensitive data exposure within the corporate network.
conducting-internal-reconnaissance-with-bloodhound-ce
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify privilege escalation chains, and discover misconfigurations in domain environments.
conducting-malware-incident-response
conducting-man-in-the-middle-attack-simulation
conducting-memory-forensics-with-volatility
conducting-mobile-app-penetration-test
conducting-network-penetration-test
conducting-pass-the-ticket-attack
Pass-the-Ticket (PtT) is a lateral movement technique that uses stolen Kerberos tickets (TGT or TGS) to authenticate to services without knowing the user's password. By extracting Kerberos tickets fro
conducting-phishing-incident-response
conducting-post-incident-lessons-learned
Facilitate structured post-incident reviews to identify root causes, document what worked and failed, and produce actionable recommendations to improve future incident response.
Page 856 of 1486 · 74266 results
