Loading...
Loading...
Found 27 Skills
Cyber Threat Intelligence gathering, IOC extraction, threat analysis, and intelligence reporting. Process threat data and produce actionable intelligence. Use for CTI work, threat research, and intelligence dissemination.
Analyzes structured and unstructured threat intelligence feeds to extract actionable indicators, adversary tactics, and campaign context. Use when ingesting commercial or open-source CTI feeds, evaluating feed quality, normalizing data into STIX 2.1 format, or enriching existing IOCs with campaign attribution. Activates for requests involving ThreatConnect, Recorded Future, Mandiant Advantage, MISP, AlienVault OTX, or automated feed aggregation pipelines.
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.
Professional malware analysis workflow for PE executables and suspicious files. Triggers on file uploads with requests like "analyze this malware", "analyze this sample", "what does this executable do", "check this file for malware", or any request to examine suspicious files. Performs static analysis, threat intelligence triage, behavioral inference, and produces analyst-grade reports with reasoned conclusions.
Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.
SecurityTrails integration. Manage data, records, and automate workflows. Use when the user wants to interact with SecurityTrails data.
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.
Guides cybersecurity deception operations using MITRE D3FEND—honeynets, decoy objects, decoy personas, and decoy credentials. Covers honeypot deployment, decoy file planting, credential baiting, and deception environment design. Use when deploying honeypots, planting decoy data, baiting credentials, or designing deception programs—not for detection (d3fend-detect), hardening (d3fend-harden), or isolation (d3fend-isolate).
Manages the end-to-end cyber threat intelligence lifecycle from planning and direction through collection, processing, analysis, dissemination, and feedback to ensure intelligence products meet stakeholder requirements and continuously improve. Use when establishing or maturing a CTI program, defining intelligence requirements with business stakeholders, or building feedback loops between intelligence consumers and producers. Activates for requests involving CTI program maturity, intelligence requirements, PIRs, or intelligence lifecycle management.
Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures, data encoding, and infrastructure. Covers HTTP, HTTPS, DNS, and custom protocol C2 analysis for detection development and threat intelligence. Activates for requests involving C2 analysis, beacon detection, C2 protocol reverse engineering, or command-and-control infrastructure mapping.
Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.