Browse Skills
Hunting For Data Staging Before Exfiltration
v1.0.0 - Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry.
Hunting For Data Exfiltration Indicators
v1.0.0 - Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.
Hunting For Command And Control Beaconing
v1.0.0 - Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation to identify compromised endpoints communicating with adversary infrastructure.
Hunting For Cobalt Strike Beacons
v1.0.0 - Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
Hunting For Beaconing With Frequency Analysis
v1.0.0 - Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.
Hunting For Anomalous PowerShell Execution
v1.0.0
Hunting Credential Stuffing Attacks
v1.0.0
Hunting Advanced Persistent Threats
v1.0.0
Hardening Windows Endpoint With CIS Benchmark
v1.0.0
Hardening Linux Endpoint With CIS Benchmark
v1.0.0
Hardening Docker Daemon Configuration
v1.0.0 - Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless mode, and CIS benchmark controls.
Hardening Docker Containers For Production
v1.0.0 - Hardening Docker containers for production involves applying security best practices aligned with CIS Docker Benchmark v1.8.0 to minimize attack surface, prevent privilege escalation, and enforce leas