Browse Skills
Detecting Misconfigured Azure Storage
v1.0.0
Detecting Modbus Command Injection Attacks
v1.0.0
Detecting Modbus Protocol Anomalies
v1.0.0
Detecting Network Anomalies With Zeek
v1.0.0
Detecting Network Scanning With IDS Signatures
v1.0.0
Detect network reconnaissance and port scanning using Suricata and Snort IDS signatures, threshold-based detection rules, and traffic anomaly analysis to identify Nmap, Masscan, and custom scanning activity.
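The threshold logic that skill describes, as an added example (not the skill's own code): a sliding-window counter equivalent to an IDS `threshold ... track by_src` rule, run over constructed flow records. The record fields (`ts`, `src`, `dst`, `dport`) and the traffic mix are assumptions made for the example, not a Suricata, Snort or Zeek schema.

```python
"""Added example: threshold-based scan detection over connection records.
Flows are constructed inline to resemble a normalised conn log; the field
names (ts, src, dst, dport) are an assumption, not a Suricata or Zeek schema."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def flow(ts, src, dst, dport):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport}


def build_sample_flows():
    """Constructed traffic mix: one vertical scan, one horizontal sweep,
    one benign client and one slow scanner that stays under a short window."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    flows = []
    for i in range(40):                      # Nmap-style: 40 ports on one host in 4 s
        flows.append(flow(t0 + timedelta(milliseconds=100 * i), "10.0.0.5", "10.0.1.10", i + 1))
    for i in range(60):                      # Masscan-style: port 445 across 60 hosts in 6 s
        flows.append(flow(t0 + timedelta(milliseconds=100 * i), "10.0.0.6", f"10.0.1.{i + 1}", 445))
    for i, port in enumerate([443, 80, 443, 8443]):   # benign browsing over ten minutes
        flows.append(flow(t0 + timedelta(minutes=2 * i), "10.0.0.7", "10.0.1.20", port))
    for i in range(25):                      # slow scan: one port every 30 s (Nmap -T0/-T1 style)
        flows.append(flow(t0 + timedelta(seconds=30 * i), "10.0.0.8", "10.0.1.30", 1000 + i))
    return flows


def detect_scans(flows, window_seconds=60, port_threshold=20, host_threshold=20):
    """Sliding-window equivalent of an IDS `threshold ... track by_src` rule:
    alert once per source when it touches >= port_threshold distinct ports on
    one host (vertical scan) or >= host_threshold distinct hosts on one port
    (horizontal sweep) within window_seconds."""
    window = timedelta(seconds=window_seconds)
    by_pair = defaultdict(deque)   # (src, dst)   -> recent (ts, dport)
    by_port = defaultdict(deque)   # (src, dport) -> recent (ts, dst)
    alerted, alerts = set(), []

    def update(table, key, now, value):
        q = table[key]
        q.append((now, value))
        while q and q[0][0] < now - window:   # expire entries older than the window
            q.popleft()
        return len({v for _, v in q})

    for f in sorted(flows, key=lambda r: r["ts"]):
        now = f["ts"]
        n_ports = update(by_pair, (f["src"], f["dst"]), now, f["dport"])
        if n_ports >= port_threshold and ("vertical", f["src"], f["dst"]) not in alerted:
            alerted.add(("vertical", f["src"], f["dst"]))
            alerts.append({"type": "vertical_scan", "src": f["src"], "dst": f["dst"],
                           "distinct": n_ports, "at": now.isoformat()})
        n_hosts = update(by_port, (f["src"], f["dport"]), now, f["dst"])
        if n_hosts >= host_threshold and ("horizontal", f["src"], f["dport"]) not in alerted:
            alerted.add(("horizontal", f["src"], f["dport"]))
            alerts.append({"type": "horizontal_sweep", "src": f["src"], "dport": f["dport"],
                           "distinct": n_hosts, "at": now.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_scans(build_sample_flows()):
        print(a)
    # Widening the window catches the slow scanner that a 60 s window misses.
    for a in detect_scans(build_sample_flows(), window_seconds=900):
        print("slow:", a)
```

With the 60 s window the fast Nmap-style and Masscan-style sources fire and the 30 s-per-port scanner never does; only a 15 min window catches it. That is the trade-off behind any `count`/`seconds` pair in a Suricata or Snort threshold rule: short windows keep state small and false positives low, long windows catch slow scans, so the two are normally run as separate rules with separate SIDs.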
Detecting OAuth Token Theft
v1.0.0
Detecting Pass The Hash Attacks
v1.0.0
Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where Kerberos is expected, and correlating with credential dumping.
Detecting Pass The Ticket Attacks
v1.0.0
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous ticket usage patterns in Splunk and Elastic SIEM.
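The correlation logic behind the two skills above (Pass-the-Hash and Pass-the-Ticket), as one added example that is not either skill's own code. It runs over constructed Windows Security (4624, 4768, 4769) and Sysmon (Event 10) records; the field names follow the Windows event XML but the normalised schema, the `AD_DOMAINS` set and the timing windows are assumptions. The PtT part uses only 4768/4769 correlation and leaves 4771 pre-authentication failures aside.

```python
"""Added example: Pass-the-Hash and Pass-the-Ticket detection over
constructed, SIEM-normalised Windows Security / Sysmon events.
Field names mirror the Windows event XML; the schema is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

AD_DOMAINS = {"CORP"}   # assumed NetBIOS name(s) of the AD domain; local accounts use the host name


def _ts(s):
    return datetime.fromisoformat(s)


def build_sample_events():
    """Constructed telemetry, not real logs. Ordered by time."""
    return [
        # Sysmon 10 on WS01: an unexpected binary opens LSASS (credential dumping indicator)
        {"ts": "2024-05-01T10:00:00", "host": "WS01", "event_id": 10,
         "SourceImage": r"C:\Temp\tool.exe",
         "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
        # 4624 on SRV01: Type 3 NTLM logon for a *domain* account from WS01 (Kerberos expected)
        {"ts": "2024-05-01T10:03:00", "host": "SRV01", "event_id": 4624, "LogonType": 3,
         "AuthenticationPackageName": "NTLM", "TargetUserName": "jsmith",
         "TargetDomainName": "CORP", "WorkstationName": "WS01", "IpAddress": "10.0.0.21"},
        # 4624 on SRV01: Type 3 NTLM logon with a *local* account (NTLM is normal here)
        {"ts": "2024-05-01T10:04:00", "host": "SRV01", "event_id": 4624, "LogonType": 3,
         "AuthenticationPackageName": "NTLM", "TargetUserName": "backup",
         "TargetDomainName": "SRV01", "WorkstationName": "NAS01", "IpAddress": "10.0.0.50"},
        # DC01: normal Kerberos flow, TGT request (4768) followed by service ticket (4769)
        {"ts": "2024-05-01T10:05:00", "host": "DC01", "event_id": 4768,
         "TargetUserName": "alice", "IpAddress": "10.0.0.30"},
        {"ts": "2024-05-01T10:05:05", "host": "DC01", "event_id": 4769,
         "TargetUserName": "alice@CORP.LOCAL", "ServiceName": "cifs/FS01", "IpAddress": "10.0.0.30"},
        # DC01: 4769 for jsmith from WS01 with no 4768 from that IP -> injected TGT (PtT)
        {"ts": "2024-05-01T10:06:00", "host": "DC01", "event_id": 4769,
         "TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "cifs/SRV02", "IpAddress": "10.0.0.21"},
    ]


def detect_pass_the_hash(events, dump_window_minutes=30):
    """Flag 4624 Type 3 NTLM logons for domain accounts (where Kerberos is
    expected) and raise severity when the source host showed LSASS access
    shortly before (correlation with credential dumping)."""
    lsass_access = defaultdict(list)  # host -> timestamps of LSASS handle opens
    for e in events:
        if e["event_id"] == 10 and e["TargetImage"].lower().endswith("lsass.exe"):
            lsass_access[e["host"]].append(_ts(e["ts"]))
    window = timedelta(minutes=dump_window_minutes)
    alerts = []
    for e in events:
        if e["event_id"] != 4624 or e["LogonType"] != 3:
            continue
        if e["AuthenticationPackageName"].upper() != "NTLM":
            continue
        if e["TargetDomainName"].upper() not in AD_DOMAINS:
            continue  # local accounts cannot use Kerberos, so NTLM is expected
        t = _ts(e["ts"])
        src = e["WorkstationName"]
        dumped = any(t - window <= d <= t for d in lsass_access.get(src, []))
        alerts.append({"user": e["TargetUserName"], "source": src, "target": e["host"],
                       "severity": "high" if dumped else "medium"})
    return alerts


def detect_pass_the_ticket(events, tgt_window_hours=10):
    """Flag 4769 service-ticket requests whose (account, client IP) pair has no
    4768 TGT request within the preceding window: a TGT the DC never issued to
    that host is the signature of an injected (passed) ticket."""
    tgt_seen = defaultdict(list)  # (account, ip) -> timestamps of 4768
    for e in events:
        if e["event_id"] == 4768:
            tgt_seen[(e["TargetUserName"].lower(), e["IpAddress"])].append(_ts(e["ts"]))
    window = timedelta(hours=tgt_window_hours)
    alerts = []
    for e in events:
        if e["event_id"] != 4769:
            continue
        account = e["TargetUserName"].split("@")[0].lower()
        t = _ts(e["ts"])
        if not any(t - window <= d <= t for d in tgt_seen.get((account, e["IpAddress"]), [])):
            alerts.append({"user": account, "ip": e["IpAddress"], "service": e["ServiceName"]})
    return alerts


if __name__ == "__main__":
    evs = build_sample_events()
    for a in detect_pass_the_hash(evs) + detect_pass_the_ticket(evs):
        print(a)
```

Two caveats before turning either function into a production rule. NTLM fallback is legitimate when a client connects by IP address rather than hostname, so the PtH rule should be baselined per source host and treated as medium until the LSASS correlation lifts it. The PtT rule assumes every domain controller's 4768 events reach the SIEM; a TGT issued by an unlogged DC, or before the retention window, looks identical to an injected one, so keep the window at the domain's TGT lifetime (10 hours by default) and suppress pairs whose 4768 arrives late.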
Detecting Port Scanning With Fail2ban
v1.0.0
Detecting Privilege Escalation Attempts
v1.0.0
Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel exploits, and sudo/doas abuse across Windows and Linux.
Detecting Process Hollowing Technique
v1.0.0
Detect process hollowing (T1055.012) by analyzing memory-mapped sections, hollowed process indicators, and parent-child process anomalies in EDR telemetry.
Detecting Process Injection Techniques
v1.0.0