from MITRE ATT&CK Agent Skills13
Defensive analysis skill for MITRE ATT&CK T1557.001: helps triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r
This skill packages MITRE ATT&CK T1557.001 guidance into an agent-ready capability: it helps analysts and detection engineers map evidence to the Name Resolution Poisoning and SMB Relay technique, produce detection logic, create hunt plans, and generate defensive briefs. The skill includes structured metadata, detection and mitigation notes, templates for reports and hunt plans, and helper scripts to render briefs.
Use this skill when you need to: triage potential T1557.001 activity from logs or alerts; design telemetry and detection rules; plan defensive emulation or authorized lab validation; or produce a clear mitigation and incident-response plan focused on LLMNR/NBT-NS/mDNS and SMB-related credential relay concerns. It is explicitly defensive and avoids providing offensive exploitation steps.
Best used with agents that can run local scripts and render Markdown outputs (e.g., Copilot/Code assistants, CLI-enabled agents, or any agent with file/script execution capability).
This skill has not been reviewed by our automated audit pipeline yet.
MITRE ATT&CK T1098 — Account Manipulation
Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi
MITRE ATT&CK — T1569.001 Launchctl
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.
