Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkillsAuthors › mahipal › Page 12

mahipal

756 Claude Code skills authored by mahipal.

updated 2026-07-06 · showing 661–720 of 756 by quality score

Average Pro QualityScore: 78.8/100

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints,
Model threat actors, intrusion sets, campaigns, and TTPs as a STIX 2.1 knowledge graph in OpenCTI (Filigran) using the pycti Python client, connectors, and import workers for…
Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI
Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced
Deploys canary tokens and honeytokens (fake AWS credentials, DNS canaries, document beacons, database records)
Deploy and configure Wazuh SIEM/XDR for endpoint detection including agent management, custom decoder and rule
Detect NTFS timestamp manipulation (MITRE T1070.006) by comparing $STANDARD_INFORMATION vs $FILE_NAME timestamps
Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs
Conduct red team operations using the Covenant C2 framework for authorized adversary simulation, including listener
Deploy Zeek network security monitor to capture, parse, and analyze network traffic metadata for threat detection,
Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation
Triage npm packages for install-script malware, exfiltration, and worming behavior.
Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous
Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running
Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials,
Detect anomalies in DNP3 (Distributed Network Protocol 3) communications used in SCADA systems by monitoring
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library
Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis, — from Undermybelt/hermes-skills
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch
Collect Active Directory data with SharpHound and Entra ID data with AzureHound, ingest into BloodHound Community Edition, and analyze on-prem, cloud, and hybrid attack paths with…
Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps
Implementing device posture assessment as a zero trust access control by integrating endpoint health signals
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware
Hardens Linux endpoints using CIS Benchmark recommendations for Ubuntu, RHEL, and CentOS to reduce attack surface,
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege
Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge
Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files
Exploits JWT algorithm confusion vulnerabilities where the server''s token verification library accepts the
Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record
Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, — from mahipal
Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines
Monitor for brand impersonation attacks across domains, social media, mobile apps, and dark web channels to detect
Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues
Exploit privileged pods, host mounts, runC CVEs, and exposed Docker sockets to break out of a container and reach the underlying host during authorized container-security…
Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID)
Detect command injection attacks against Modbus TCP/RTU protocol in ICS environments by monitoring for unauthorized
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Implements cloud workload protection using boto3 and google-cloud APIs for runtime security monitoring, process
Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system
Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network
Designs and documents structured incident response playbooks that define step-by-step procedures for specific
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit
Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable
This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations
This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security
This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce
This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO
This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP
Search all 756 skills by mahipal →