
from mitre-attack-agent-skills
Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi
Provides a defensive-focused skill that analyzes MITRE ATT&CK technique T1098 (Account Manipulation). It helps the agent map evidence to the ATT&CK technique, produce detection hypotheses, create triage and hunt plans, and generate mitigation and containment recommendations. The skill bundles structured metadata, templates, and rendering scripts to produce concise defensive briefs.
Use this skill when investigating account manipulation behaviors, planning detection logic for account-related TTPs, drafting threat-hunting playbooks, conducting incident-response mapping, or preparing controlled adversary-emulation exercises. It's intended for defensive analysts and detection engineers seeking ATT&CK-mapped outputs.
scripts/render_brief.py (render detection briefs)
references/technique-profile.json, references/detection-and-mitigation.md, references/known-threat-context.md
Best used by agents that can run local scripts and produce structured text outputs (automation-capable assistants used for security analysis, e.g., code-capable agents and automation runners).
MITRE ATT&CK T1098 (Account Manipulation) defensive analysis skill with a clean SKILL.md and one bundled script (render_brief.py). The script is a straightforward JSON-to-Markdown renderer that crashed because its bundled references/technique-profile.json was not available in the test sandbox. No security concerns — purely defensive guidance with explicit safety guardrails. Well-structured frontmatter and resource organization.
Part of the santosomar/mitre-attack-agent-skills collection. Purely defensive, security-oriented skill. The script failure is due to a missing bundled data file, not a code defect. Clean, no security issues.
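The review above describes render_brief.py as a JSON-to-Markdown renderer that crashed when its bundled references/technique-profile.json was absent. The following is an added example, not the project's render_brief.py, showing the same kind of renderer with the missing-file case handled explicitly so that an absent or malformed profile produces a readable error rather than a traceback. The profile key names (technique_id, name, tactics, detection_hypotheses, mitigations) and the sample T1098 content are assumptions constructed for illustration; the real bundled profile may use a different schema.

```python
"""JSON-to-Markdown brief renderer with a guarded profile load.

Added example, not the skill's own scripts/render_brief.py. The profile
schema below is an assumption for illustration only.
"""
import json
import sys
from pathlib import Path
from typing import Optional, Union

# Constructed sample profile for T1098, standing in for the bundled
# references/technique-profile.json. Field names are assumed, not taken
# from the real file.
SAMPLE_PROFILE = {
    "technique_id": "T1098",
    "name": "Account Manipulation",
    "tactics": ["Persistence", "Privilege Escalation"],
    "detection_hypotheses": [
        "Membership changes to privileged groups outside approved change windows",
        "Credential or SSH key additions to an account by a non-owner principal",
    ],
    "mitigations": [
        "Require multi-factor authentication for privileged account changes",
        "Alert on membership changes to administrative groups",
    ],
}


def load_profile(path: Union[str, Path]) -> Optional[dict]:
    """Return the parsed profile, or None if the file is absent or unusable.

    The reviewed script raised an unhandled exception when its bundled
    profile was missing; returning None lets the caller report the problem
    cleanly instead of surfacing a traceback to the analyst.
    """
    path = Path(path)
    if not path.is_file():
        return None
    try:
        with path.open(encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, json.JSONDecodeError):
        return None
    return data if isinstance(data, dict) else None


def render_brief(profile: dict) -> str:
    """Render a concise Markdown brief; every field is optional."""
    tid = profile.get("technique_id", "T????")
    name = profile.get("name", "Unknown technique")
    lines = [f"# {tid}: {name}", ""]
    tactics = profile.get("tactics") or []
    if tactics:
        lines += ["Tactics: " + ", ".join(tactics), ""]
    for heading, key in (("Detection hypotheses", "detection_hypotheses"),
                         ("Mitigations", "mitigations")):
        items = profile.get(key) or []
        lines.append(f"## {heading}")
        # An empty section is rendered explicitly so the reader can see the
        # profile lacked data rather than assuming the renderer dropped it.
        lines += [f"- {item}" for item in items] or ["- (none recorded in profile)"]
        lines.append("")
    return "\n".join(lines).rstrip() + "\n"


def main(profile_path: str = "references/technique-profile.json") -> int:
    """Exit non-zero with a clear message when the profile cannot be read."""
    profile = load_profile(profile_path)
    if profile is None:
        print(f"error: cannot read technique profile at {profile_path}",
              file=sys.stderr)
        return 2
    print(render_brief(profile), end="")
    return 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Run with no arguments to reproduce the reviewed failure mode (no references directory present): the script prints a single error line and exits with status 2 instead of a traceback. Pass a path to a real profile to render it.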
MITRE ATT&CK — T1569.001 Launchctl
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.
MITRE ATT&CK T1557.001: Name Resolution Poisoning & SMB Relay
Defensive analysis skill for MITRE ATT&CK T1557.001: helps triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r
ATT&CK T1560.003 — Archive via Custom Method
Defensive analysis skill for MITRE ATT&CK T1560.003: helps map observations, produce detection ideas, and create triage and mitigation briefs for custom archive
MITRE ATT&CK — Hidden Files & Directories (T1564.001)
Defensive analysis aid for MITRE ATT&CK T1564.001 to help triage, detection engineering, hunting, and incident response around hidden files and directories.
MITRE ATT&CK T1633.001 — System Checks
Defensive analysis skill for MITRE ATT&CK T1633.001 (System Checks) — aids triage, detection engineering, hunting, and emulation planning for mobile platforms.