Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkillsAuthors › mahipal › Page 3

mahipal

756 Claude Code skills authored by mahipal.

updated 2026-07-06 · showing 121–180 of 756 by quality score

Average Pro QualityScore: 78.8/100

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization''s
Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using
Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,
Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and
Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment
Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and
Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies,
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater — from mahipal
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin
Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing
Conduct internal Active Directory reconnaissance using BloodHound Community Edition to map attack paths, identify
Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and
Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack
Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS — from mahipal
Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged
Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible
Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and
Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction
Performs initial triage of security incidents to determine severity, scope, and required response actions using
Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to
Secure Helm chart deployments by validating chart integrity, scanning templates for misconfigurations, and enforcing
Executes authorized phishing simulation campaigns to assess an organization''s susceptibility to email-based
Deploy Cisco Identity Services Engine for 802.1X wired and wireless authentication, MAC Authentication Bypass,
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications,
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,
Detect abuse of legitimate Windows binaries (LOLBins) used for living off the land attacks. Monitors process
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate
Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify
Automate phishing incident response using Splunk SOAR REST API to create containers, add artifacts, and trigger
Deploy a Havoc team server with Yaotl profiles, generate evasive Demon agents with indirect syscalls and sleep obfuscation, and run post-exploitation and pivoting for adversary…
Perform security assessments of SCADA Human-Machine Interface (HMI) systems to identify vulnerabilities in web-based
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL.
Harbor is an open-source container registry that provides security features including vulnerability scanning
Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers
Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based
Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including
Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring
Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager
Installs, configures, and tunes Snort 3 intrusion detection system to monitor network traffic for malicious
Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and
Detect and analyze Linux persistence mechanisms including crontab entries, systemd service units, LD_PRELOAD
Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous
Detect unauthorized SaaS and cloud service usage (shadow IT) by analyzing proxy logs, DNS query logs, and netflow
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
Implements Security Orchestration, Automation, and Response (SOAR) workflows using Splunk SOAR (formerly Phantom)
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)
Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Harden the Docker daemon by configuring daemon.json with user namespace remapping, TLS authentication, rootless
Implement Kubernetes Pod Security Admission to enforce baseline and restricted security profiles at namespace
Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities
Search all 756 skills by mahipal →