
from mitre-attack-agent-skills12
Defensive analysis skill for MITRE ATT&CK T1560.003: helps map observations, produce detection ideas, and create triage and mitigation briefs for custom archive
This skill equips an agent to analyse and explain the ATT&CK sub-technique T1560.003 (Archive via Custom Method). It guides defensive workflows: scoping an investigation, mapping evidence to ATT&CK, producing prioritized detection suggestions, drafting incident-response notes, and creating coverage assessment or hunt-plan templates. The skill bundles machine-readable metadata, detection & mitigation notes, templates, and a small rendering script to produce a structured brief.
Use this skill when you suspect data compression/encryption or custom archival behavior prior to exfiltration, when building detection logic for collection tactics, during threat hunting focused on unusual archive/encryption patterns, or when preparing safe adversary-emulation exercises and coverage assessments. It is tailored for triage, detection engineering, hunting, mitigation planning, and incident-response mapping.
The bundled rendering script is scripts/render_brief.py. Best suited for security-focused agent deployments (agents with code/script access and file reading), e.g., Claude/Copilot-style assistants or custom security automation agents that can run simple Python helpers.
This skill has not been reviewed by our automated audit pipeline yet.
MITRE ATT&CK T1098 — Account Manipulation
Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi
MITRE ATT&CK — T1569.001 Launchctl
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.
MITRE ATT&CK T1557.001: Name Resolution Poisoning & SMB Relay
Defensive analysis skill for MITRE ATT&CK T1557.001: helps triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r