From cybersecurity-skills
Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:hunting-for-process-injection-techniquesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Process injection (MITRE ATT&CK T1055) allows adversaries to execute code in the address space of another process, enabling defense evasion and privilege escalation. This skill detects injection techniques via Sysmon Event ID 8 (CreateRemoteThread), Event ID 10 (ProcessAccess with suspicious access rights), and analysis of source-target process relationships to distinguish legitimate from malic...
Process injection (MITRE ATT&CK T1055) allows adversaries to execute code in the address space of another process, enabling defense evasion and privilege escalation. This skill detects injection techniques via Sysmon Event ID 8 (CreateRemoteThread), Event ID 10 (ProcessAccess with suspicious access rights), and analysis of source-target process relationships to distinguish legitimate from malicious injection.
Prevents decimal mismatch bugs across EVM chains with runtime decimal lookup, chain-aware caching, bridged-token handling, and safe normalization for bots, dashboards, and DeFi tools.
npx claudepluginhub katsiarynakavaleuskaya/anthropic-cybersecurity-skills