
from mitre-attack-agent-skills
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl): detection, triage, and mitigation guidance for macOS adversary activity.
Provides structured defensive analysis and reporting for the MITRE ATT&CK sub-technique T1569.001 (Launchctl). The skill maps observations to ATT&CK concepts, suggests telemetry sources and detection logic, and produces templates for detection briefs, hunt plans, and incident-response notes.
Use this skill when investigating macOS activity that may involve launchctl, when building detection rules or telemetry collection for Launch Agents/Daemons, during threat-hunting focused on execution techniques, or when preparing controlled adversary-emulation exercises that require safe, defensive-only guidance.
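The detection logic the skill describes, as an added example that is not code from the mitre-attack-agent-skills repo: a small triage helper that runs over process-execution events and flags launchctl invocations that load or start a launchd job, scoring them by subcommand, plist or target path, and parent process. The event field names (command_line, parent_name), the parent-process heuristic, and the sample events are constructed for this example; map the fields to your EDR or Endpoint Security exec telemetry.

```python
"""Added example (not part of the mitre-attack-agent-skills repo): detection
logic for T1569.001 (Launchctl) run over process-execution events.  The event
field names (command_line, parent_name) and the sample events below are
constructed for this example."""
import shlex
from dataclasses import dataclass
from typing import Optional

# launchctl subcommands that load or start a launchd job (legacy and modern forms).
LOADING_SUBCOMMANDS = {"load", "submit", "bootstrap", "start", "kickstart"}
# Job definitions or targets under these prefixes are attacker-writable and
# rarely used by system or vendor installers.
USER_WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/", "/Volumes/")
# Heuristic (assumption): scripting hosts spawning launchctl is unusual outside admin tooling.
SCRIPT_PARENTS = {"osascript", "python3", "perl", "ruby", "curl"}


@dataclass
class Finding:
    technique: str
    severity: str
    reasons: list
    command_line: str


def analyze_event(event: dict) -> Optional[Finding]:
    """Return a Finding when the event is launchctl loading or starting a job."""
    cmdline = event.get("command_line", "")
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a crude whitespace split
        argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != "launchctl":
        return None
    # First non-option token after the binary is the subcommand.
    sub = next((a for a in argv[1:] if not a.startswith("-")), "")
    if sub not in LOADING_SUBCOMMANDS:
        return None  # list/print/unload etc. are noisy and are not execution

    score, reasons = 1, [f"launchctl {sub}"]
    if sub == "submit":
        score += 2  # submit runs an arbitrary program directly; no plist needed
        reasons.append("submit executes an arbitrary program as a launchd job")
    rest = argv[argv.index(sub) + 1:]
    if any(a.startswith(USER_WRITABLE_PREFIXES) for a in rest if "/" in a):
        score += 1
        reasons.append("job definition or target under a user-writable path")
    parent = event.get("parent_name", "")
    if parent in SCRIPT_PARENTS:
        score += 1
        reasons.append(f"spawned by scripting host {parent}")
    severity = "high" if score >= 3 else "medium" if score == 2 else "low"
    return Finding("T1569.001", severity, reasons, cmdline)


def scan(events) -> list:
    """Run analyze_event over a batch of events and keep only the hits."""
    return [f for f in map(analyze_event, events) if f is not None]


# Constructed sample telemetry (not real incident data).
SAMPLE_EVENTS = [
    {"command_line": "/bin/launchctl load -w /Users/alice/Library/LaunchAgents/com.apple.updater.plist",
     "parent_name": "osascript"},
    {"command_line": "launchctl submit -l backup -- /tmp/.x/update", "parent_name": "bash"},
    {"command_line": "launchctl list", "parent_name": "Terminal"},
    {"command_line": "/bin/launchctl bootstrap system /Library/LaunchDaemons/com.vendor.agent.plist",
     "parent_name": "installer"},
    {"command_line": "/usr/bin/python3 -c 'print(1)'", "parent_name": "zsh"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.technique}: {'; '.join(f.reasons)}\n    {f.command_line}")
```

The scoring is deliberately coarse: the point is that the subcommand alone is a weak signal (admins run `launchctl load` daily), while a user-writable plist path or a scripting-host parent is what moves an event from "log it" to "look at it". Tune the prefix and parent lists to your fleet before alerting on the result.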
Bundled resources: scripts/ for generating briefs (has_scripts=true); references/ and templates/ (has_references=true). Designed for defensive/security analysis agents and research assistants with code and markdown capabilities (Copilot/Code assistants, Codex-style agents, and CLI-capable models).
Defensive analysis skill for MITRE ATT&CK T1569.001 (Launchctl) on macOS. SKILL.md is well-structured with clear triggers, workflow steps, and bundled resource references. The single script (render_brief.py) reads a local JSON profile and renders Markdown, but fails when the references/ directory isn't present alongside it — a portability issue. No security concerns; the script is purely local file I/O with no network calls or destructive operations.
Part of the santosomar/mitre-attack-agent-skills repo — a collection of ATT&CK technique skills. Well-organized SKILL.md with frontmatter, agent workflow, detection guidance, and templates. The render_brief.py script is a simple local Markdown generator with no security issues. Main weakness is the script's dependency on an unbundled reference file, causing it to crash in isolation.
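The portability weakness noted above (a brief renderer that crashes when references/ is not next to it) is easy to avoid. The following is an added example, not the repo's render_brief.py: it renders a Markdown brief from a profile dict, resolves the bundled references/ directory relative to the script rather than the working directory, and emits a note instead of failing when the bundle is absent. The profile layout, field names, and sample profile are assumptions made for this example.

```python
"""Added example (not the repo's render_brief.py): render a Markdown detection
brief from a JSON profile, resolving the bundled references/ directory relative
to the script and degrading gracefully when it is missing.  The profile layout
and the sample profile are assumed for this example."""
import json
from pathlib import Path
from typing import Optional

# Location of this script, independent of where it is invoked from.
SKILL_DIR = Path(__file__).resolve().parent


def load_references(references_dir: Optional[Path] = None) -> dict:
    """Return {name: text} for bundled *.md references, or {} if the directory is absent."""
    path = Path(references_dir) if references_dir else SKILL_DIR / "references"
    if not path.is_dir():
        return {}
    return {p.stem: p.read_text(encoding="utf-8") for p in sorted(path.glob("*.md"))}


def render_brief(profile: dict, references: Optional[dict] = None) -> str:
    """Render the brief; a missing references bundle yields a note, not a crash."""
    refs = references if references is not None else load_references()
    lines = [f"# Detection brief: {profile['technique_id']} {profile['name']}", ""]
    lines += ["## Telemetry sources", *[f"- {s}" for s in profile.get("telemetry", [])], ""]
    lines += ["## Detection ideas", *[f"- {d}" for d in profile.get("detections", [])], ""]
    lines.append("## References")
    if refs:
        lines += [f"- {name}" for name in refs]
    else:
        lines.append("- (no bundled references found; run from the skill directory or pass references_dir)")
    return "\n".join(lines) + "\n"


def render_from_file(profile_path: str, references_dir: Optional[str] = None) -> str:
    """CLI-style entry point: read the JSON profile from disk and render it."""
    with open(profile_path, encoding="utf-8") as fh:
        profile = json.load(fh)
    return render_brief(profile, load_references(Path(references_dir) if references_dir else None))


# Constructed sample profile, standing in for the JSON file the script would read.
SAMPLE_PROFILE = {
    "technique_id": "T1569.001",
    "name": "Launchctl",
    "telemetry": ["process execution with command line and parent",
                  "file creation under LaunchAgents/LaunchDaemons"],
    "detections": ["launchctl load/bootstrap of a plist under a user-writable path",
                   "launchctl submit from a scripting host"],
}

if __name__ == "__main__":
    print(render_brief(SAMPLE_PROFILE))
```

Resolving against `__file__` is what makes the script usable when copied into an agent's working directory without the rest of the skill bundle; the explicit `references_dir` parameter covers the case where the bundle lives somewhere else entirely.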
MITRE ATT&CK T1098 — Account Manipulation
Defensive analysis and guidance for MITRE ATT&CK technique T1098 (Account Manipulation): detection, triage, hunting, and mitigation planning for enterprise envi
MITRE ATT&CK T1557.001: Name Resolution Poisoning & SMB Relay
Defensive analysis skill for MITRE ATT&CK T1557.001: helps triage, detection engineering, hunting, and incident response for name-resolution poisoning and SMB r
ATT&CK T1560.003 — Archive via Custom Method
Defensive analysis skill for MITRE ATT&CK T1560.003: helps map observations, produce detection ideas, and create triage and mitigation briefs for custom archive
MITRE ATT&CK — Hidden Files & Directories (T1564.001)
Defensive analysis aid for MITRE ATT&CK T1564.001 to help triage, detection engineering, hunting, and incident response around hidden files and directories.
MITRE ATT&CK T1633.001 — System Checks
Defensive analysis skill for MITRE ATT&CK T1633.001 (System Checks) — aids triage, detection engineering, hunting, and emulation planning for mobile platforms.