Claude Security Skills (Page 5 of 44)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

2,612 skills · updated 2026-05-02 · showing 241–300 of 2,612 by quality score

Inspect captured RAM images to enumerate processes, modules, handles, and suspicious in-memory behavior before escalation or evidence handoff.
Score 70/100
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
Score 70/100
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
Score 70/100
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps
Score 70/100
Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative
Score 70/100
Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record
Score 70/100
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
Score 70/100
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
Score 70/100
Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures,
Score 70/100
Expert at analyzing the quality and effectiveness of Claude Code components (agents, skills, commands, hooks). Assumes component is already technically valid.
Score 70/100
Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code.
Score 70/100
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
Score 70/100
Analyze dependencies for known security vulnerabilities and outdated versions. Use when auditing third-party libraries.
Score 70/100
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
Score 70/100
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,
Score 70/100
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction,
Score 70/100
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
Score 70/100
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
Score 70/100
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
Score 70/100
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,
Score 70/100
Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
Score 70/100
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system
Score 70/100
Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families
Score 70/100
Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry
Score 70/100
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction
Score 70/100
Analyze cryptocurrency market sentiment using Fear & Greed Index, news analysis, and market momentum.
Score 70/100
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
Score 70/100
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including
Score 70/100
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify
Score 70/100
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
Score 70/100
Perform on-chain analysis including whale tracking, token flows, and network activity. Use when performing crypto analysis.
Score 70/100
Track crypto options flow to identify institutional positioning and market sentiment. Use when tracking institutional options flow.
Score 70/100
Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
Score 70/100
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,
Score 70/100
Analyzes network protocol implementations to identify parsing vulnerabilities, state machine issues, and protocol-level security problems.
Score 70/100
Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to
Score 70/100
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence
Score 70/100
Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration
Score 70/100
Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor,
Score 70/100
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities
Score 70/100
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or…
Score 70/100
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents
Score 70/100
Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling.
Score 70/100
Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,
Score 70/100
Tracks untrusted input propagation from sources to sinks in binary code to identify injection vulnerabilities.
Score 70/100
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)
Score 70/100
Map advanced persistent threat (APT) group tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework
Score 70/100
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics,
Score 70/100
Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics,
Score 70/100
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate
Score 70/100
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations
Score 70/100
Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal,
Score 70/100
Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege
Score 70/100
Expert Anchor smart contract development for Solana (January 2026). Use when (1) Writing or auditing Solana programs, (2) Implementing security patterns, (3) Defining account…
Score 70/100
Scaffold a production-ready native Android app -- generate a complete Kotlin project with Jetpack Compose UI, MVVM architecture, Hilt dependency injection, Room database with…
Score 70/100
Perform a security review of an Android app from the perspective of the OWASP Mobile Top 10 2024 and MASVS (Mobile Application Security Verification Standard), and generate a Markdown report. Use when: (1) asked to perform a security audit/review of an Android app (2)…
Score 70/100
Configure Android release build signing with dual-source credentials (env vars + gradle.properties)
Score 70/100
Secure Anima and Figma tokens for design-to-code pipelines. Use when protecting API credentials, restricting Figma access scope, or hardening CI/CD design automation pipelines.
Score 70/100
Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports,…
Score 70/100
Apply Anthropic Claude API security best practices for key management, input validation, and prompt injection defense.
Score 70/100