
from anthropic-cybersecurity-skills 14,674
Guided procedures to identify DCSync-capable accounts and extract Active Directory credential hashes (KRBTGT, admin) for authorized red-team testing and validat
Provides a step-by-step, tool-backed workflow for performing DCSync-based credential extraction in Active Directory test environments. Covers enumeration of principals with replication rights, using Mimikatz and Impacket to extract KRBTGT and other account hashes, and creating Golden Tickets for persistence — with detection and mitigation guidance.
Use during authorized red-team engagements, purple-team exercises, or incident response validation in isolated labs. Not for unauthorized targeting of production systems; the skill includes legal and safety notices and detection recommendations.
Best suited for agents and environments that support command-line guidance and security tooling (e.g., Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI).
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Testing for XSS Vulnerabilities with Burp Suite
Guided workflow to identify, validate, and document reflected, stored, and DOM-based XSS using Burp Suite (scanner, repeater, intruder, DOM Invader).
Hunting for Cobalt Strike Beacons
Detect Cobalt Strike beacon network activity using TLS certificate signatures, JA3/JA3S/JARM fingerprints, HTTP profile matching, and timing analysis in Zeek/Su