Top Rated
The most starred skills loved by the community. Quality guaranteed!
analyzing-malware-behavior-with-cuckoo-sandbox
by mukul975
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system modifications, registry changes, network communications, and API calls. Generates comprehensive behavioral reports for malware classification and IOC extraction. Activates for requests involving dynamic malware analysis, sandbox detonation, behavioral analysis, or automated malware execution.
hindsight-docs
by vectorize-io
Complete Hindsight documentation for AI agents. Use this to learn about Hindsight architecture, APIs, configuration, and best practices.
dyad:pr-fix
by dyad-sh
Address all outstanding issues on a GitHub Pull Request by handling both review comments and failing CI checks.
hindsight-self-hosted
by vectorize-io
Store team knowledge, project conventions, and learnings from tasks. Use to remember what works and recall context before new tasks. Connects to a self-hosted Hindsight server. (user)
but
by gitbutlerapp
"Commit, push, branch, and manage version control with GitButler. Use for: commit my changes, check what changed, create a PR, push my branch, view diff, create branches, stage files, edit commit history, squash commits, amend commits, undo commits, pull requests, merge, stash work. Replaces git - use 'but' instead of git commit, git status, git push, git checkout, git add, git diff, git branch, git rebase, git stash, git merge. Covers all git, version control, and source control operations."
analyzing-cobalt-strike-beacon-configuration
by mukul975
Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure,
analyzing-ios-app-security-with-objection
by mukul975
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
analyzing-email-headers-for-phishing-investigation
by mukul975
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
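As an added worked example (not code from the skill or its author), the kind of header analysis this skill describes: walk the Received chain bottom-up to find the originating host, compare the From, Return-Path and Reply-To domains, and read the Authentication-Results verdicts. The message headers are constructed for the example; the hostnames, IPs and ids in them are placeholders, not a real capture.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture): a phishing mail that crossed one external
# relay (mx1.example.net) before reaching the victim's MX (mail.corp.example).
SAMPLE_HEADERS = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.7])
\tby mail.corp.example (Postfix) with ESMTPS id 4F2A1C0
\tfor <alice@corp.example>; Tue, 05 Mar 2024 09:12:44 +0000 (UTC)
Received: from WIN-7HK2 (unknown [203.0.113.45])
\tby mx1.example.net (Postfix) with ESMTPA id 9C3B2D1;
\tTue, 05 Mar 2024 09:12:40 +0000 (UTC)
Authentication-Results: mail.corp.example;
\tspf=fail smtp.mailfrom=bulk-sender.example;
\tdkim=none;
\tdmarc=fail header.from=bank.example
Return-Path: <billing@bulk-sender.example>
From: "Bank Support" <support@bank.example>
Reply-To: help-desk@mail-bank-verify.example
To: alice@corp.example
Subject: Action required

Please verify your account.
"""

# "from <helo> (<reverse-dns> [<ip>]) by <receiver>" as written by Postfix/Sendmail-style MTAs
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def domain_of(header_value):
    """Domain part of the first address in a header, lower-cased ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def parse_hops(msg):
    """Received headers top-down: index 0 is the newest hop, the last entry the oldest."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = HOP_RE.search(str(hdr))
        if not m:
            continue
        ip = IP_RE.search(m.group("paren") or "")
        hops.append({"helo": m.group("helo"), "ip": ip.group(1) if ip else None,
                     "by": m.group("by")})
    return hops


def analyze(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    hops = parse_hops(msg)
    origin = hops[-1] if hops else {"helo": None, "ip": None, "by": None}
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    auth = {k.lower(): v.lower()
            for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}

    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom} (envelope/header mismatch)")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech}={auth.get(mech, 'missing')}")
    if origin["helo"] and "." not in origin["helo"]:
        findings.append(f"origin HELO '{origin['helo']}' is a bare hostname (endpoint, not an MTA)")
    # Caveat: only Received lines stamped by your own MTAs are trustworthy; a sender can
    # forge any earlier hop, so the "origin" is the oldest hop you can still vouch for.
    return {"hops": hops, "origin_ip": origin["ip"], "origin_helo": origin["helo"],
            "from_domain": from_dom, "return_path_domain": rp_dom,
            "auth": auth, "findings": findings}


if __name__ == "__main__":
    for key, val in analyze(SAMPLE_HEADERS).items():
        print(f"{key}: {val}")
```

The Authentication-Results header is only meaningful when it was added by your own receiving MX; strip or ignore any copy that arrived with the message.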
analyzing-ransomware-leak-site-intelligence
by mukul975
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.
analyzing-apt-group-with-mitre-navigator
by mukul975
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps
analyzing-malicious-url-with-urlscan
by mukul975
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
analyzing-certificate-transparency-for-phishing
by mukul975
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
analyzing-windows-lnk-files-for-artifacts
by mukul975
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.
hindsight-cloud
by vectorize-io
Store team knowledge, project conventions, and learnings from tasks. Use to remember what works and recall context before new tasks. Connects to Hindsight Cloud. (user)
analyzing-golang-malware-with-ghidra
by mukul975
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.
analyzing-indicators-of-compromise
by mukul975
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.
analyzing-threat-intelligence-feeds
by mukul975
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics, and campaign context. Use when ingesting commercial or open-source CTI feeds, evaluating feed quality, normalizing data into STIX 2.1 format, or enriching existing IOCs with campaign attribution. Activates for requests involving ThreatConnect, Recorded Future, Mandiant Advantage, MISP, AlienVault OTX, or automated feed aggregation pipelines.
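As an added worked example serving both the IOC-analysis entry above and this feed-normalization entry (example code, not the skills' own), the first stage of an enrichment pipeline: refang pasted indicators, classify them by type, make the block/investigate/reject call, and emit STIX 2.1 Indicator objects for the ones worth blocking. The input list is constructed (the domains and addresses are placeholders; the hash is the well-known EICAR test-file MD5). The decision logic is a deliberately simple illustration: a non-routable address is sent to "investigate" because a perimeter block for it is pointless and the real finding is an internal host.

```python
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

HASH_ALGOS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)
URL_RE = re.compile(r"^https?://\S+$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?=.{4,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Constructed feed excerpt, defanged the way analysts paste indicators into tickets.
SAMPLE_FEED = [
    "hxxp://malware-download[.]example/payload.bin",
    "evil[.]example",
    "10.0.0.5",
    "198.51.100.7",
    "44d88612fea8a8f36de82e1278abb02f",
    "billing[@]bulk-sender[.]example",
    "not an ioc",
]


def refang(ioc):
    """Undo common defanging conventions: hxxp, [.], (.), {.}, [@], [:]."""
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    return s.replace("[@]", "@").replace("[:]", ":")


def classify(value):
    """Return (STIX Cyber-observable type, normalised value); 'unknown' when nothing matches."""
    if len(value) in HASH_ALGOS and HEX_RE.match(value):
        return "file", value.lower()
    try:
        ip = ipaddress.ip_address(value)
        return ("ipv4-addr" if ip.version == 4 else "ipv6-addr"), str(ip)
    except ValueError:
        pass
    if URL_RE.match(value):
        return "url", value
    if EMAIL_RE.match(value):
        return "email-addr", value.lower()
    if DOMAIN_RE.match(value):
        return "domain-name", value.lower().rstrip(".")
    return "unknown", value


def stix_pattern(kind, value):
    """STIX 2.1 pattern for a single observable; single quotes inside the value are escaped."""
    v = value.replace("'", "\\'")
    if kind == "file":
        return f"[file:hashes.'{HASH_ALGOS[len(value)]}' = '{v}']"
    return f"[{kind}:value = '{v}']"


def triage(raw_iocs, now=None):
    """Refang, classify, decide block/investigate/reject, and build STIX 2.1 Indicators for blocks."""
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%S.") + f"{now.microsecond // 1000:03d}Z"
    decisions, indicators = [], []
    for raw in raw_iocs:
        kind, value = classify(refang(raw))
        if kind == "unknown":
            decision, reason = "reject", "unrecognised IOC format"
        elif kind in ("ipv4-addr", "ipv6-addr") and not ipaddress.ip_address(value).is_global:
            decision, reason = "investigate", ("not globally routable (private, loopback or "
                                               "reserved/documentation range); hunt for the internal host")
        else:
            decision, reason = "block", "candidate for blocklist pending enrichment"
            indicators.append({
                "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
                "created": ts, "modified": ts, "name": f"{kind}: {value}",
                "indicator_types": ["malicious-activity"],
                "pattern": stix_pattern(kind, value), "pattern_type": "stix", "valid_from": ts,
            })
        decisions.append({"raw": raw, "type": kind, "value": value,
                          "decision": decision, "reason": reason})
    return decisions, indicators


if __name__ == "__main__":
    decisions, indicators = triage(SAMPLE_FEED)
    for d in decisions:
        print(f"{d['decision']:<11} {d['type']:<12} {d['value']}  ({d['reason']})")
    print(json.dumps(indicators, indent=2))
```

A "block" here is a candidate, not a verdict: the next stage is multi-source enrichment and an allowlist check, since a feed will happily hand you a shared CDN host or a public resolver as an "indicator".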
analyzing-network-traffic-for-incidents
by mukul975
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.
p7
by tanweai
"P7 Senior Engineer mode — solution-driven execution under P8 supervision. Use when user says 'P7模式' (P7 mode), '方案驱动' (solution-driven), or when spawned as sub-task executor by P8. Produces: implementation plan + code + 3-question self-review, delivered via [P7-COMPLETION]."
verify
by pubkey
Verifies code changes by running tests and generation scripts
analyzing-outlook-pst-for-email-forensics
by mukul975
Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,
analyzing-security-logs-with-splunk
by mukul975
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents through log correlation, timeline reconstruction, and anomaly detection. Covers Windows event logs, firewall logs, proxy logs, and authentication data analysis. Activates for requests involving Splunk investigation, SPL queries, SIEM log analysis, security event correlation, or log-based incident investigation.
analyzing-campaign-attribution-evidence
by mukul975
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
acquiring-disk-image-with-dd-and-dcfldd
by mukul975
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through