
from Anthropic Cybersecurity Skills23,316
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Provides a practical, structured evaluation workflow for selecting and implementing Threat Intelligence Platforms (TIPs). The skill defines mandatory and desired criteria (STIX/TAXII support, API capabilities, SIEM/EDR/SOAR integrations, deduplication, RBAC), outlines vendor pros/cons for MISP, OpenCTI, ThreatConnect, Anomali, and EclecticIQ, and prescribes PoC tests, weighted scoring matrices, and a 90-day implementation plan.
Use this skill when running an RFP or procurement for a TIP, planning migration between platforms, or validating whether an existing TIP meets organizational maturity and integration needs. Not intended for standalone feed-quality analysis.
Designed for security-focused agents and integrations (Claude Code, Codex CLI, Copilot, Cursor, other agent runtimes that perform security procurement tasks).
TIP evaluation skill with a weighted scoring matrix and comparison report generator. Script ran successfully, producing a ranked comparison of MISP, OpenCTI, and ThreatConnect. SSL verification is disabled by default in test_misp_api and test_opencti_api (verify_ssl=False), and API keys are accepted via env vars or CLI args — moderate security concerns but not malicious. Code is functional but uses deprecated datetime.utcnow() and has hardcoded sample scores rather than dynamic evaluation.
The skill is a structured evaluation guide for TIP procurement — genuinely useful for security teams doing vendor selection. The script is a scoring calculator, not an automated assessor. SSL-verify=False default is a real concern for a cybersecurity skill. Niche audience (CTI program managers), not broadly applicable.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Testing for XSS Vulnerabilities with Burp Suite
Guided workflow to identify, validate, and document reflected, stored, and DOM-based XSS using Burp Suite (scanner, repeater, intruder, DOM Invader).
Hunting for Cobalt Strike Beacons
Detect Cobalt Strike beacon network activity using TLS certificate signatures, JA3/JA3S/JARM fingerprints, HTTP profile matching, and timing analysis in Zeek/Su
Conducting Domain Persistence with DCSync
Guided procedures to identify DCSync-capable accounts and extract Active Directory credential hashes (KRBTGT, admin) for authorized red-team testing and validat
Testing for JSON Web Token (JWT) Vulnerabilities
Techniques and checks to find and exploit common JWT misconfigurations (alg none, alg confusion, kid/JKU injection, weak secrets).
NIST SP 800-30 Cyber Risk Assessment
Conducts comprehensive cybersecurity risk assessments using the NIST SP 800-30 Rev 1 methodology to identify threats, vulnerabilities, and impact.