hunting-for-living-off-the-cloud-techniques

Part of the largest open-source cybersecurity skills library with 754 skills across 26 security domains. Provides digital forensics guidance on acquiring disk images using dd and dcfldd tools for incident response and forensic investigations.

A cybersecurity skill for analyzing API gateway access logs, part of the Anthropic Cybersecurity Skills library of 754 production-grade skills across 26 security domains with MITRE ATT&CK and NIST framework mappings.

Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify completed attack phases, evaluate defense successes/failures, and recommend controls for earlier attack interruption, with MITRE ATT&CK integration.

Parses and analyzes email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation with DNS lookup tools and threat intelligence integration.

A cybersecurity skill teaching AI agents to analyze Android malware using APKTool for reverse engineering APK files, examining manifests, decompiled code, and identifying malicious behaviors.

A digital forensics skill for analyzing Chromium-based browser artifacts (Chrome, Edge, Brave, Opera) using Hindsight to extract and correlate browsing history, downloads, cookies, autofill data, saved passwords, and extensions into unified forensic timelines.

Guides investigating compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity, container escape attempts, and security misconfigurations.

A cybersecurity skill from a 754-skill library that teaches AI agents to analyze Certificate Transparency logs to detect and investigate phishing infrastructure.

A cybersecurity skill from the Anthropic Cybersecurity Skills library that guides AI agents in analyzing cloud storage access patterns to identify unauthorized access, data exfiltration attempts, and misconfigured permissions across cloud environments.

Detects dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths for security investigations.