Computer Network Support Specialists

Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment isolation, forensic evidence preservation, clean infrastructure rebuild, prioritized system restoration from verified backups, credential reset, and validation against re-infection. Covers Active Directory recovery, database restoration, and application stack rebuild in dependency order. Activates for requests involving ransomware recovery, post-encryption restoration, or disaster recovery from ransomware.

Hunting For Persistence Mechanisms In Windows

Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.

Performing Network Traffic Analysis With Tshark

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files

Detecting Cryptomining In Cloud

This skill teaches security teams how to detect and respond to unauthorized cryptocurrency mining operations in cloud environments. It covers identifying cryptomining indicators through compute usage anomalies, network traffic patterns to mining pools, GuardDuty CryptoCurrency findings, and runtime process monitoring on EC2, ECS, EKS, and Azure Automation workloads.

Analyzing Malware Sandbox Evasion Techniques

Detect sandbox evasion techniques in malware samples by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns from Cuckoo/AnyRun behavioral reports

Analyzing Docker Container Forensics

Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to identify malicious activity and evidence.

架构模式

Building Detection Rules With Sigma

Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.

Hunting For Ntlm Relay Attacks

Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.

Implementing Ransomware Kill Switch Detection

Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based kill switches, and registry-based termination checks. Implements proactive mutex vaccination and kill switch domain monitoring to prevent ransomware from executing. Activates for requests involving ransomware kill switch analysis, mutex vaccination, WannaCry-style domain kill switches, or malware execution guard detection.

Performing Network Packet Capture Analysis

Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct network communications, extract transferred files, identify malicious traffic, and establish evidence of data exfiltration or command-and-control activity.

Analyzing Tls Certificate Transparency Logs

Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring.

生物信息学

Analyzing Windows Lnk Files For Artifacts

Parse Windows LNK shortcut files to extract target paths, timestamps, volume information, and machine identifiers for forensic timeline reconstruction.

Analyzing Network Packets With Scapy

Craft, send, sniff, and dissect network packets using Scapy for protocol analysis, network reconnaissance, and traffic anomaly detection in authorized security testing

Exploiting Ipv6 Vulnerabilities

Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding, and IPv6 tunneling during authorized assessments to test dual-stack security controls and IPv6-aware network defenses.

域名与 DNS 工具

Ip

聚合数据IP归属地查询V3.0，支持IPv4查询国家/省份/城市/运营商

openclaw4.2k

系统管理

Ssh Essentials

Essential SSH commands for secure remote access, key management, tunneling, and file transfers.

openclaw4.2k

系统管理

Hilink Lte

Control Huawei HiLink USB LTE modems (E3372, E8372, etc.) via REST API. Send/receive SMS, check signal strength, manage SIM PIN, query prepaid balance, and monitor connection status. Use when sending or reading SMS messages, checking LTE signal/status, entering SIM PIN, querying mobile balance (USSD), or managing a HiLink USB modem.

openclaw4.2k

Network Proxy

Helps when network-related commands (like curl, git, npm, pip, brew) are failing, timing out, or running slowly due to network issues. It suggests and applies proxy environment variables to fix connectivity problems.

didi3.9k

系统管理

Ephemeral Erigon Instance

Run an ephemeral Erigon instance with a temporary datadir. Use this whenever the user wants to spin up a temporary, throwaway, or sandboxed Erigon node for quick testing, launch a second Erigon instance alongside an existing one, clone a datadir into a temp copy for safe experimentation, or find and clean up leftover ephemeral datadirs and processes from previous sessions. Handles port conflict detection and automatic port offsetting. Trigger on any mention of temporary/throwaway/ephemeral/disposable Erigon instances, running erigon briefly for testing or debugging, starting a second/additional erigon node, or cleaning up old temp erigon data.

erigontech3.6k

Debug Crash Dump

Download and analyze crash dumps from CI failures using CDB/WinDbg. Use this skill when asked to debug crashes, analyze dump files, set up WinDbg/CDB, investigate fault injection failures, or start mcp-windbg.

microsoft3.5k

Device Log

Use for pulling recent Blokada app logs from a connected device, using the same share-log file exposed in Settings. Trigger when Codex needs the most recent app log lines for debugging, wants logs from the last hour or today, or needs a manual operator workflow for recent device logs without going through Appium UI automation.

blokadaorg3.2k

Chrome Cdp

Interact with local Chrome browser session (only on explicit user approval after being asked to inspect, debug, or interact with a page open in Chrome)

pasky2.9k

知识库

Hex Debug Bundle

Collect Hex debug evidence for support tickets and troubleshooting. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Hex problems. Trigger with phrases like "hex debug", "hex support bundle", "collect hex logs", "hex diagnostic".

Deepgram Common Errors

Diagnose and fix common Deepgram errors and issues. Use when troubleshooting Deepgram API errors, debugging transcription failures, or resolving integration issues. Trigger: "deepgram error", "deepgram not working", "fix deepgram", "deepgram troubleshoot", "transcription failed", "deepgram 401".

HubSpot Debug Bundle

Collect HubSpot debug evidence for support tickets and troubleshooting. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for HubSpot API problems. Trigger with phrases like "hubspot debug", "hubspot support bundle", "collect hubspot logs", "hubspot diagnostic", "hubspot correlation id".

Exa Observability

Set up monitoring, metrics, and alerting for Exa search integrations. Use when implementing monitoring for Exa operations, building dashboards, or configuring alerting for search quality and latency. Trigger with phrases like "exa monitoring", "exa metrics", "exa observability", "monitor exa", "exa alerts", "exa dashboard".

Miro Debug Bundle

Collect Miro REST API v2 diagnostic evidence for support tickets. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Miro integration problems. Trigger with phrases like "miro debug", "miro support bundle", "collect miro logs", "miro diagnostic", "miro support ticket".

大语言模型与 AI

Retellai Debug Bundle

Retell AI debug bundle — AI voice agent and phone call automation. Use when working with Retell AI for voice agents, phone calls, or telephony. Trigger with phrases like "retell debug bundle", "retellai-debug-bundle", "voice agent".

大语言模型与 AI

Overview

Diagnose and fix Instantly.ai API v2 common errors and exceptions. Use when encountering Instantly errors, debugging failed requests, or troubleshooting campaign/account/lead issues. Trigger with phrases like "instantly error", "instantly 401", "instantly 429", "instantly api failed", "instantly debug", "instantly troubleshoot".