mukul975
@mukul975
Public Skills
analyzing-kubernetes-audit-logs
by mukul975
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications,
analyzing-cloud-storage-access-patterns
by mukul975
Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS
analyzing-malware-family-relationships-with-malpedia
by mukul975
Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families to threat actors, and integrate YARA rules for detection across malware lineages.
analyzing-bootkit-and-rootkit-samples
by mukul975
Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record (VBR), or UEFI firmware to gain persistence below the operating system. Covers boot sector analysis, UEFI module inspection, and anti-rootkit detection techniques. Activates for requests involving bootkit analysis, MBR malware investigation, UEFI persistence analysis, or pre-OS malware detection.
analyzing-pdf-malware-with-pdfid
by mukul975
Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode, exploits, and suspicious objects without opening the document. Determines the attack vector and extracts embedded payloads for further analysis. Activates for requests involving PDF malware analysis, malicious document analysis, PDF exploit investigation, or suspicious attachment triage.
analyzing-slack-space-and-file-system-artifacts
by mukul975
Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file activity on NTFS volumes.
analyzing-lnk-file-and-jump-list-artifacts
by mukul975
Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution, and user activity using LECmd, JLECmd, and manual binary parsing of the Shell Link Binary format.
analyzing-cyber-kill-chain
by mukul975
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
analyzing-cobaltstrike-malleable-c2-profiles
by mukul975
Parse and analyze Cobalt Strike Malleable C2 profiles using dissect.cobaltstrike and pyMalleableC2 to extract
analyzing-browser-forensics-with-hindsight
by mukul975
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached
analyzing-macro-malware-in-office-documents
by mukul975
Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download
analyzing-dns-logs-for-exfiltration
by mukul975
Analyzes DNS query logs to detect data exfiltration via DNS tunneling, DGA domain communication, and covert
analyzing-linux-system-artifacts
by mukul975
Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover
analyzing-linux-audit-logs-for-intrusion
by mukul975
Uses the Linux Audit framework (auditd) with ausearch and aureport utilities to detect intrusion attempts, unauthorized
analyzing-heap-spray-exploitation
by mukul975
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns,
analyzing-linux-elf-malware
by mukul975
Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware, and rootkits targeting Linux servers, containers, and cloud infrastructure. Covers static analysis, dynamic tracing, and reverse engineering of x86_64 and ARM ELF samples. Activates for requests involving Linux malware analysis, ELF binary investigation, Linux server compromise assessment, or container malware analysis.
analyzing-typosquatting-domains-with-dnstwist
by mukul975
Detect typosquatting, homograph phishing, and brand impersonation domains using dnstwist to generate domain permutations and identify registered lookalike domains targeting your organization.
analyzing-network-covert-channels-in-malware
by mukul975
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
analyzing-apt-group-with-mitre-navigator
by mukul975
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps
analyzing-malicious-url-with-urlscan
by mukul975
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
analyzing-cobalt-strike-beacon-configuration
by mukul975
Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure,
analyzing-ios-app-security-with-objection
by mukul975
Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
analyzing-email-headers-for-phishing-investigation
by mukul975
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
analyzing-ransomware-leak-site-intelligence
by mukul975
Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence on group tactics, and assess sector-specific ransomware risk for proactive defense.
analyzing-packed-malware-with-upx-unpacker
by mukul975
Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
analyzing-windows-lnk-files-for-artifacts
by mukul975
Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.
analyzing-certificate-transparency-for-phishing
by mukul975
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,
analyzing-active-directory-acl-abuse
by mukul975
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and
analyzing-security-logs-with-splunk
by mukul975
Leverages Splunk Enterprise Security and SPL (Search Processing Language) to investigate security incidents through log correlation, timeline reconstruction, and anomaly detection. Covers Windows event logs, firewall logs, proxy logs, and authentication data analysis. Activates for requests involving Splunk investigation, SPL queries, SIEM log analysis, security event correlation, or log-based incident investigation.
analyzing-campaign-attribution-evidence
by mukul975
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or
analyzing-memory-dumps-with-volatility
by mukul975
Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,
analyzing-linux-kernel-rootkits
by mukul975
Detect kernel-level rootkits in Linux memory dumps using Volatility3 linux plugins (check_syscall, lsmod, hidden_modules),
analyzing-outlook-pst-for-email-forensics
by mukul975
Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,
acquiring-disk-image-with-dd-and-dcfldd
by mukul975
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through
analyzing-malware-persistence-with-autoruns
by mukul975
Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry
analyzing-windows-registry-for-artifacts
by mukul975
Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and evidence of system compromise.
analyzing-docker-container-forensics
by mukul975
Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to
analyzing-golang-malware-with-ghidra
by mukul975
Reverse engineer Go-compiled malware using Ghidra with specialized scripts for function recovery, string extraction, and type reconstruction in stripped Go binaries.
analyzing-indicators-of-compromise
by mukul975
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.
auditing-aws-s3-bucket-permissions
by mukul975
Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.
analyzing-threat-intelligence-feeds
by mukul975
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics, and campaign context. Use when ingesting commercial or open-source CTI feeds, evaluating feed quality, normalizing data into STIX 2.1 format, or enriching existing IOCs with campaign attribution. Activates for requests involving ThreatConnect, Recorded Future, Mandiant Advantage, MISP, AlienVault OTX, or automated feed aggregation pipelines.
analyzing-network-traffic-for-incidents
by mukul975
Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.
analyzing-command-and-control-communication
by mukul975
Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures, data encoding, and infrastructure. Covers HTTP, HTTPS, DNS, and custom protocol C2 analysis for detection development and threat intelligence. Activates for requests involving C2 analysis, beacon detection, C2 protocol reverse engineering, or command-and-control infrastructure mapping.
analyzing-malware-behavior-with-cuckoo-sandbox
by mukul975
Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system modifications, registry changes, network communications, and API calls. Generates comprehensive behavioral reports for malware classification and IOC extraction. Activates for requests involving dynamic malware analysis, sandbox detonation, behavioral analysis, or automated malware execution.
analyzing-memory-forensics-with-lime-and-volatility
by mukul975
Performs Linux memory acquisition using LiME (Linux Memory Extractor) kernel module and analysis with Volatility
auditing-azure-active-directory-configuration
by mukul975
Audits Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.
analyzing-office365-audit-logs-for-compromise
by mukul975
Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation,
analyzing-azure-activity-logs-for-threats
by mukul975
Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative
analyzing-disk-image-with-autopsy
by mukul975
Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and
analyzing-android-malware-with-apktool
by mukul975
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
analyzing-malicious-pdf-with-peepdf
by mukul975
Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,
analyzing-malware-sandbox-evasion-techniques
by mukul975
Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction
analyzing-ethereum-smart-contract-vulnerabilities
by mukul975
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,
analyzing-api-gateway-access-logs
by mukul975
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
analyzing-network-flow-data-with-netflow
by mukul975
Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing
analyzing-network-traffic-of-malware
by mukul975
Analyzes network traffic generated by malware during sandbox execution or live incident response to identify
analyzing-network-packets-with-scapy
by mukul975
Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and
analyzing-network-traffic-with-wireshark
by mukul975
Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,
analyzing-mft-for-deleted-file-recovery
by mukul975
Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record entries, $LogFile, $UsnJrnl, and MFT slack space using MFTECmd, analyzeMFT, and X-Ways Forensics.