detecting-qr-code-phishing-with-email-security
Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious URLs in QR code images within emails.
detecting-rdp-brute-force-attacks
Detect RDP brute force attacks by analyzing Windows Security Event Logs for failed authentication patterns (Event ID 4625), successful logons after failures (Event ID 4624), NLA failures, and source IP frequency analysis.
detecting-rootkit-activity
detecting-s3-data-exfiltration-attempts
detecting-serverless-function-injection
detecting-service-account-abuse
Detect abuse of service accounts through anomalous interactive logons, privilege escalation, lateral movement, and unauthorized access patterns.
detecting-shadow-api-endpoints
Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.
detecting-shadow-it-cloud-usage
Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow data using Python pandas for traffic pattern analysis and domain classification.
detecting-spearphishing-with-email-gateway
Spearphishing targets specific individuals using personalized, researched content that bypasses generic spam filters. Email security gateways (SEGs) like Microsoft Defender for Office 365, Proofpoint,
detecting-sql-injection-via-waf-logs
detecting-stuxnet-style-attacks
detecting-supply-chain-attacks-in-ci-cd
detecting-suspicious-oauth-application-consent
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
detecting-suspicious-powershell-execution
Detect suspicious PowerShell execution patterns including encoded commands, download cradles, AMSI bypass attempts, and constrained language mode evasion.
detecting-t1003-credential-dumping-with-edr
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.
detecting-t1055-process-injection-with-sysmon
Detect process injection techniques (T1055) including classic DLL injection, process hollowing, and APC injection by analyzing Sysmon events for cross-process memory operations, remote thread creation, and anomalous DLL loading patterns.
detecting-t1548-abuse-elevation-control-mechanism
Detect abuse of elevation control mechanisms including UAC bypass, sudo exploitation, and setuid/setgid manipulation by monitoring registry modifications, process elevation flags, and unusual parent-child process relationships.
detecting-typosquatting-packages-in-npm-pypi
detecting-wmi-persistence
Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter, EventConsumer, and FilterToConsumerBinding creation.
developer-growth-analysis
Analyzes your recent Claude Code chat history to identify coding patterns,
differential-review
Security-focused code review of diffs and pull requests using Trail of Bits expertise.
dimensional-analysis
Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol, offchain code, or other blockchain-related codebase with arithmetic. Prevents dimensional mismatches and catches formula bugs early.
discopy-operads
DiscoPy Operads Skill
discopy
DisCoPy: Python library for computing with string diagrams - monoidal
discrete-backprop
Gradient-free optimization via discrete perturbations and trit-based learning
doc-coauthoring
Guide users through a structured workflow for co-authoring documentation.
docs-acset
Google Docs/Sheets management via ACSet condensation. Transforms documents into GF(3)-typed Interactions, tracks comments/cells, detects saturation when all comments resolved. Use for document workflows, spreadsheet automation, or applying ANIMA principles to Workspace documents.
docx
Comprehensive document creation, editing, and analysis with support for
domain-name-brainstormer
Generates creative domain name ideas for your project and checks availability
drive-acset
Google Drive management via DriveACSet schema with GF(3) triadic routing. Transforms files/folders into typed Interactions, routes to queue fibers, detects saturation for organized-drive-as-condensed-state.
duck-agent
DuckDB file discovery agent with verified absolute paths
duckdb-ies
Layer 4: IES Interactome Analytics with GF(3) Momentum Tracking
duckdb-quadruple-interleave
Chaotic interleaving across local DuckDB databases modeled as coupled quadruple pendula. Random walks both BETWEEN databases and WITHIN tables for context injection.
duckdb-spatial
DuckDB Spatial Skill
duckdb-timetravel
Layer 3: Temporal Versioning and ACSet Schema Generation for DuckDB
ducklake-walk
Ergodic random walks over DuckLake lakehouses with GF(3) triadic concurrent walkers. Society-of-mind coordination for schema exploration.
dune-analytics
Query Dune Analytics API for blockchain data, pyUSD flows, stablecoin metrics, and on-chain analytics. Use when analyzing DeFi protocols, token flows, or building dashboards.
dwarf-expert
Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information, interacting with DWARF files, answering DWARF-related questions, or working with code that parses DWARF data.
dynamic-sufficiency-goblin
Self-regulating Goblins actor implementing Ivan Illich's dynamic sufficiency
dynamic-sufficiency
Causal state gating via ε-machine. Coworld observer that prevents action
dynamical-system-functor
Categorical structure of dynamical systems
effective-topos
FloxHub publication `bmorphism/effective-topos` - a comprehensive development
eigenvalue-stability
Stability classification via Jacobian eigenvalues
elisp
Emacs Lisp reference (106K lines info).
emacs-color-chain
Control Emacs via deterministic Gay-MCP color chains — seed-derived palettes drive buffer themes, mode-line, org headers, and window focus
emacs-info
Emacs Info documentation system. Navigate and query Info manuals for Emacs, Elisp, and GNU tools.
emacs
Emacs ecosystem = elisp + org + gnus + tramp + eglot.
entropy-sim2real
Entropy-driven sim2real transfer. Uses maximum entropy RL, domain randomization, and information-theoretic bridging to close the reality gap.
entry-point-analyzer
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.
enzyme-autodiff
Enzyme.jl Automatic Differentiation Skill