Browse Skills
Detecting Kerberoasting Attacks
v1.0.0: Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with SPNs, whose tickets can be cracked offline.
Detecting Insider Threat With UEBA
v1.0.0: Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.
Detecting Insider Threat Behaviors
v1.0.0: Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.
Detecting Insider Data Exfiltration Via DLP
v1.0.0
Detecting Golden Ticket Forgery
v1.0.0: Detect Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for RC4 encryption downgrades (0x17), abnormal ticket lifetimes, and krbtgt account anomalies in Splunk and Elastic SIEM.
Detecting Golden Ticket Attacks In Kerberos Logs
v1.0.0: Detect Golden Ticket attacks in Active Directory by analyzing Kerberos TGT anomalies including mismatched encryption types, impossible ticket lifetimes, non-existent accounts, and forged PAC signatures in domain controller event logs.
Detecting Golden Ticket Attacks
v1.0.0
Detecting Fileless Malware Techniques
v1.0.0
Detecting Fileless Attacks On Endpoints
v1.0.0
Detecting Exfiltration Over DNS With Zeek
v1.0.0: Detect DNS-based data exfiltration by analyzing Zeek dns.log for high-entropy subdomains and anomalous query patterns.
Detecting Evasion Techniques In Endpoint Logs
v1.0.0
Detecting Email Forwarding Rules Attack
v1.0.0: Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications for intelligence collection and BEC attacks.