
from mitre-attack-agent-skills18
Defensive analysis skill for MITRE ATT&CK T1557.001: helps with triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r
This skill packages MITRE ATT&CK T1557.001 guidance into an agent-ready capability: it helps analysts and detection engineers map evidence to the Name Resolution Poisoning and SMB Relay technique, produce detection logic, create hunt plans, and generate defensive briefs. The skill includes structured metadata, detection and mitigation notes, templates for reports and hunt plans, and helper scripts to render briefs.
Use this skill when you need to: triage potential T1557.001 activity from logs or alerts; design telemetry and detection rules; plan defensive emulation or authorized lab validation; or produce a clear mitigation and incident-response plan focused on LLMNR/NBT-NS/mDNS and SMB-related credential relay concerns. It is explicitly defensive and avoids providing offensive exploitation steps.
Best used with agents that can run local scripts and render Markdown outputs (e.g., Copilot/Code assistants, CLI-enabled agents, or any agent with file/script execution capability).
MITRE ATT&CK T1557.001 defensive analysis skill for Name Resolution Poisoning & SMB Relay. Well-structured SKILL.md with detailed technique context, detection guidance, and recommended output pattern. Bundled render_brief.py script is clean and simple but crashes because the referenced technique-profile.json and other bundled resources (references/, templates/, assets/) are not included in the skill package — only the script itself was fetched. The skill is essentially a static reference document with a non-functional helper script.
Purely defensive/educational skill focused on ATT&CK T1557.001 triage and detection. No offensive capabilities. The SKILL.md explicitly instructs agents to stay safe and not provide exploitation instructions. Script failure is due to missing bundled resources, not a code defect. Composite will be moderate-high due to strong security but limited practical usefulness.
MITRE ATT&CK T1098 — Account Manipulation
Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi
MITRE ATT&CK — T1569.001 Launchctl
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.
ATT&CK T1560.003 — Archive via Custom Method
Defensive analysis skill for MITRE ATT&CK T1560.003: helps map observations, produce detection ideas, and create triage and mitigation briefs for custom archive
MITRE ATT&CK — Hidden Files & Directories (T1564.001)
Defensive analysis aid for MITRE ATT&CK T1564.001 to help with triage, detection engineering, hunting, and incident response around hidden files and directories.
MITRE ATT&CK T1633.001 — System Checks
Defensive analysis skill for MITRE ATT&CK T1633.001 (System Checks) — aids triage, detection engineering, hunting, and emulation planning for mobile platforms.