
from anthropic-cybersecurity-skills 14,314
Detect Cobalt Strike beacon network activity using TLS certificate signatures, JA3/JA3S/JARM fingerprints, HTTP profile matching, and timing analysis in Zeek/Su
Provides a practical detection workflow for identifying Cobalt Strike beacon callbacks in network traffic. The skill describes how to use Zeek logs, Suricata rules, and Python PCAP analysis to spot TLS certificate fingerprints, JA3/JA3S/JARM signatures, HTTP malleable-profile patterns, and regular beacon timing with jitter. Because each of these signals is noisy on its own (fingerprints are shared with legitimate software, and a custom malleable profile or certificate removes the default indicators), the skill combines them into a scored detection output for investigators and SOC analysts rather than alerting on any single match.
Use this skill during threat hunting, incident response, or monitoring validation when you suspect command-and-control (C2) activity or want to improve detection coverage for Cobalt Strike. It is useful for SOC playbooks, building IDS rules, and post-incident network forensics.
Based on the repository and its README, this skill is compatible with threat-hunting and automation tooling and can be used from Claude Code, GitHub Copilot/Codex workflows, and CLI-based automation (Python scripts).
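The scoring workflow described above, as an added example that is not the skill's own code: it parses Zeek-style TSV conn/ssl/http records, checks each (source, destination, port) pair for the default team-server certificate subject, known-bad JA3S/JARM values, default malleable-profile URIs, the checksum8 stager-URI pattern, and low-variance callback timing, then sums weighted hits into a score. The certificate subject, default URIs and checksum8 values (92 for x86, 93 for x64) are well-known Cobalt Strike defaults; the JA3S/JARM hashes are placeholders to be replaced from a vetted feed; the `jarm` column is assumed to be an analyst-added enrichment (Zeek does not emit it); the weights, thresholds and all log lines are constructed for the demo.

```python
"""Scored Cobalt Strike beacon detection over Zeek-style conn/ssl/http logs.

Added example, not the skill's own code. The certificate subject and the
checksum8 values are well-known Cobalt Strike defaults; the JA3S/JARM entries
are PLACEHOLDERS to be replaced from a vetted feed; 'jarm' is assumed to be an
analyst-added enrichment column (Zeek does not emit it); weights, thresholds
and all log lines below are constructed for the demo."""
from collections import defaultdict
from statistics import mean, pstdev

# Default self-signed certificate subject of an unconfigured team server.
DEFAULT_CERT_SUBJECT = ("CN=Major Cobalt Strike,OU=AdvancedPenTesting,"
                        "O=cobaltstrike,L=Somewhere,ST=Cyberspace,C=Earth")
KNOWN_BAD_JA3S = {"placeholder-ja3s-md5"}    # constructed placeholder
KNOWN_BAD_JARM = {"placeholder-jarm-hash"}   # constructed placeholder
# URIs used by the stock beacon configuration (no custom malleable profile).
DEFAULT_URIS = {"/submit.php", "/dpixel", "/__utm.gif", "/pixel.gif", "/activity", "/ca"}
STAGER_CHECKSUMS = {92: "x86", 93: "x64"}    # checksum8 of staging URIs
WEIGHTS = {"cert": 40, "ja3s": 25, "jarm": 25, "uri": 20, "stager": 15, "timing": 20}


def parse_zeek_tsv(text):
    """Yield one dict per record of a Zeek TSV log, keyed by its #fields header."""
    fields = None
    for line in text.strip().splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif fields and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def checksum8(uri):
    """Stager URI check: byte sum of the path (no leading '/', no query) mod 256."""
    return sum(uri.lstrip("/").split("?", 1)[0].encode()) % 256


def beacon_timing(timestamps, min_conns=6, max_cv=0.25):
    """A sleeping beacon with jitter yields gaps whose coefficient of variation stays low."""
    ts = sorted(timestamps)
    if len(ts) < min_conns:
        return None                      # too few callbacks to judge regularity
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else float("inf")
    return {"interval_s": round(avg, 1), "cv": round(cv, 3), "regular": cv <= max_cv}


def score_pairs(conn_log, ssl_log, http_log):
    """Group connections per (src, dst, port), collect indicator hits, sum their weights."""
    ssl = {r["uid"]: r for r in parse_zeek_tsv(ssl_log)}
    http = defaultdict(list)
    for r in parse_zeek_tsv(http_log):
        http[r["uid"]].append(r["uri"])
    pairs = defaultdict(list)
    for c in parse_zeek_tsv(conn_log):
        pairs[(c["id.orig_h"], c["id.resp_h"], c["id.resp_p"])].append(c)
    results = {}
    for key, conns in pairs.items():
        hits = set()
        for c in conns:
            s = ssl.get(c["uid"], {})
            if s.get("subject") == DEFAULT_CERT_SUBJECT:
                hits.add("cert")
            if s.get("ja3s") in KNOWN_BAD_JA3S:
                hits.add("ja3s")
            if s.get("jarm") in KNOWN_BAD_JARM:
                hits.add("jarm")
            for uri in http.get(c["uid"], []):
                if uri in DEFAULT_URIS:
                    hits.add("uri")
                if checksum8(uri) in STAGER_CHECKSUMS:
                    hits.add("stager")
        timing = beacon_timing([float(c["ts"]) for c in conns])
        if timing and timing["regular"]:
            hits.add("timing")
        results[key] = {"score": min(100, sum(WEIGHTS[h] for h in hits)),
                        "hits": sorted(hits), "timing": timing}
    return results


# Constructed logs: a TLS beacon sleeping ~60 s with 20 % jitter, and a host with
# three plaintext requests including a stager-style URI and a default POST URI.
BEACON_TS = [1700000000 + t for t in (0, 57, 109, 168, 217, 272, 332, 383)]
CONN_LOG = "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\n" + "\n".join(
    [f"{t}.0\tC{i}\t10.0.0.5\t203.0.113.10\t443" for i, t in enumerate(BEACON_TS, 1)]
    + [f"{t}.0\tH{i}\t10.0.0.7\t198.51.100.4\t80"
       for i, t in enumerate((1700000010, 1700000100, 1700000500), 1)])
SSL_LOG = "#fields\tuid\tja3\tja3s\tsubject\tjarm\n" + "\n".join(
    f"C{i}\tplaceholder-ja3-md5\tplaceholder-ja3s-md5\t{DEFAULT_CERT_SUBJECT}\t-"
    for i in range(1, 9))
HTTP_LOG = "#fields\tuid\turi\nH1\t/WWWW\nH2\t/submit.php\nH3\t/index.html"

if __name__ == "__main__":
    for key, r in score_pairs(CONN_LOG, SSL_LOG, HTTP_LOG).items():
        print(key, r)
```

The TLS pair scores 85 (default certificate, placeholder JA3S, regular timing at about 55 s with a coefficient of variation near 0.07); the plaintext pair scores 35 from the URI checks alone, because three connections are too few for the timing test. To run this on real data, replace the embedded strings with the contents of `conn.log`, `ssl.log` and `http.log`, load the hash sets from an intel feed, and tune `WEIGHTS` and `max_cv` against your own baseline so that legitimate periodic traffic (update checks, monitoring agents) does not score as a beacon on timing alone.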
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
Testing for XSS Vulnerabilities with Burp Suite
Guided workflow to identify, validate, and document reflected, stored, and DOM-based XSS using Burp Suite (scanner, repeater, intruder, DOM Invader).