Loading...
Loading...
Found 14 Skills
Guides defensive security analysis—alert triage, log and SIEM investigation, threat hunting, detection engineering basics, MITRE ATT&CK mapping, incident scoping, containment recommendations, and DFIR evidence handling for SOC and blue-team analysts. Use when investigating security alerts, writing detection rules, tuning false positives, analyzing EDR/network/auth logs, building timelines of suspicious activity, recommending containment steps, or documenting findings for incident command—not for enterprise security strategy (cybersecurity), CI/CD pipeline hardening (devsecops), offensive pentest execution (authorize red team separately), or LLM adversarial testing (ai-redteam), or designing on-call rotations and postmortem programs (incident-management-engineer).
Guides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.
Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.
Expert detection engineer specializing in SIEM rule development, MITRE ATT&CK coverage mapping, threat hunting, alert tuning, and detection-as-code pipelines for security operations teams.
Use when hunting for threats in an environment, analyzing IOCs, or detecting behavioral anomalies in telemetry. Covers hypothesis-driven threat hunting, IOC sweep generation, z-score anomaly detection, and MITRE ATT&CK-mapped signal prioritization.
Query unified Sigma, Splunk, Elastic, KQL, Sublime, and CrowdStrike security detection rules via MCP server with MITRE ATT&CK mapping and coverage analysis
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.
Guide for security-related Agent Skills including penetration testing, code auditing, threat hunting, and forensics skills.
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring.
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.
Security detection use cases for identifying threats across network, endpoint, identity, cloud, application, and email vectors. Use for building detection rules, analyzing security events, and threat hunting operations.