MCP App StoreMCP App StoreThis skill documents a repeatable workflow for constructing threat-hunting hypotheses: scope a testable hypothesis tied to ATT&CK techniques, identify data sources, run queries across EDR/SIEM, validate results, and produce an evidence-backed hunt report. It emphasizes verifiable, falsifiable hypotheses and documenting coverage.
Use this during proactive threat hunting, purple-team exercises, incident response scoping, or when threat intelligence suggests new TTPs to validate. Also useful for coverage gap analysis to prioritize instrumentation.
Relevant to security automation and hunting toolchains that can query EDR/SIEM platforms and run endpoint tests (Velociraptor, SIEM hunt runners, custom automation).
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Evaluating Threat Intelligence Platforms
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
DAG Diagnosis (Airflow)
Structured root-cause diagnosis for failed Airflow DAGs with actionable fixes, impact assessment, and prevention recommendations.
Observe WhatsApp
Operational diagnostics for WhatsApp: inspect message delivery, webhook deliveries/retries, triage API errors, and run phone-number health checks.
Threat Hunter — SecOps Hunt
Expert, tool-aware guidance for proactive threat hunting: formulate SIEM/UDM queries, iterate searches, enrich findings, and produce case or report outputs.
Blameless Post-Mortem
Structured, blameless incident post-mortem template that produces an executive summary, timeline, root cause analysis, and actionable remediation items.
