Analyzes Zeek conn.log and NetFlow data to detect ransomware indicators: C2 beaconing patterns, TOR exit node connections, data exfiltration, and encryption key exchanges.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
Before and during ransomware execution, attackers establish C2 channels, exfiltrate data, and download encryption keys. This skill analyzes Zeek conn.log and NetFlow data to detect beaconing patterns (periodic callbacks), connections to known TOR exit nodes, large outbound data transfers, and suspicious DNS activity associated with ransomware families.
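The beaconing, outbound-volume, TOR-exit and risk-scoring checks described above, as an added Python example that is not the skill's own code. It parses a constructed Zeek conn.log excerpt by its #fields header; the thresholds (coefficient of variation below 0.2 over at least five connections, 100 MB outbound), the TOR exit-node set, and the scoring weights are assumptions for illustration, not values the skill documents.

```python
"""Hunt ransomware network indicators in a Zeek conn.log excerpt.

Added illustration, not the skill's own code. The thresholds, the TOR exit
list, the scoring weights and SAMPLE_CONN_LOG are all constructed.
"""
import statistics
from collections import defaultdict

# Constructed conn.log excerpt. Real Zeek logs carry more columns; the parser
# keys on the #fields header, so extra columns are harmless.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    # 10.0.0.5 -> 203.0.113.10:443 roughly every 60 s: beacon-like
    "1700000000.0\tCa1\t10.0.0.5\t51000\t203.0.113.10\t443\ttcp\tssl\t0.9\t520\t1400\tSF\n"
    "1700000060.0\tCa2\t10.0.0.5\t51001\t203.0.113.10\t443\ttcp\tssl\t0.8\t510\t1380\tSF\n"
    "1700000121.0\tCa3\t10.0.0.5\t51002\t203.0.113.10\t443\ttcp\tssl\t0.9\t530\t1410\tSF\n"
    "1700000180.0\tCa4\t10.0.0.5\t51003\t203.0.113.10\t443\ttcp\tssl\t0.7\t515\t1390\tSF\n"
    "1700000240.0\tCa5\t10.0.0.5\t51004\t203.0.113.10\t443\ttcp\tssl\t0.8\t525\t1400\tSF\n"
    "1700000300.0\tCa6\t10.0.0.5\t51005\t203.0.113.10\t443\ttcp\tssl\t0.9\t520\t1395\tSF\n"
    # 10.0.0.7 browsing: irregular gaps, one half-open (S0) with unset counts
    "1700000010.0\tCb1\t10.0.0.7\t40000\t198.51.100.20\t80\ttcp\thttp\t2.1\t900\t45000\tSF\n"
    "1700000400.0\tCb2\t10.0.0.7\t40001\t198.51.100.20\t80\ttcp\thttp\t1.5\t700\t30000\tSF\n"
    "1700000430.0\tCb3\t10.0.0.7\t40002\t198.51.100.20\t80\ttcp\thttp\t-\t-\t-\tS0\n"
    # 10.0.0.9 pushes 250 MB out over one long TLS session: exfil-like
    "1700000500.0\tCc1\t10.0.0.9\t52000\t192.0.2.44\t443\ttcp\tssl\t840.2\t250000000\t4000\tSF\n"
    # 10.0.0.7 talks to an address on the (constructed) TOR exit list
    "1700000600.0\tCd1\t10.0.0.7\t40100\t198.51.100.99\t9001\ttcp\t-\t30.0\t2000\t2100\tSF\n"
)

TOR_EXITS = {"198.51.100.99", "198.51.100.100"}  # constructed, not real exit nodes
WEIGHTS = {"beacon": 40, "exfil": 50, "tor": 30}  # constructed scoring weights


def parse_conn_log(text):
    """Parse Zeek TSV conn.log text into dicts keyed by the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            rec["ts"] = float(rec["ts"])
            # Zeek writes "-" for unset counts (e.g. S0 half-open connections).
            for key in ("orig_bytes", "resp_bytes"):
                rec[key] = 0 if rec[key] == "-" else int(rec[key])
            records.append(rec)
    return records


def find_beacons(records, min_conns=5, max_cv=0.2):
    """Flag (src, dst, port) tuples whose connection inter-arrival times are
    too regular: coefficient of variation (stdev / mean) at or below max_cv."""
    by_tuple = defaultdict(list)
    for r in records:
        by_tuple[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = []
    for (src, dst, port), stamps in by_tuple.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port, "count": len(stamps),
                         "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


def find_exfil(records, min_bytes=100_000_000):
    """Flag src/dst pairs whose bytes sent by the originator reach min_bytes."""
    sent = defaultdict(int)
    for r in records:
        sent[(r["id.orig_h"], r["id.resp_h"])] += r["orig_bytes"]
    return [{"src": s, "dst": d, "bytes_out": b}
            for (s, d), b in sent.items() if b >= min_bytes]


def find_tor(records, exit_nodes):
    """Flag connections whose responder is on the TOR exit-node list."""
    return [{"src": r["id.orig_h"], "dst": r["id.resp_h"], "port": r["id.resp_p"]}
            for r in records if r["id.resp_h"] in exit_nodes]


def score_hosts(records, exit_nodes=TOR_EXITS):
    """Combine indicators into a per-source-host risk score, capped at 100."""
    scores = defaultdict(int)
    for hit in find_beacons(records):
        scores[hit["src"]] += WEIGHTS["beacon"]
    for hit in find_exfil(records):
        scores[hit["src"]] += WEIGHTS["exfil"]
    for hit in find_tor(records, exit_nodes):
        scores[hit["src"]] += WEIGHTS["tor"]
    return {h: min(s, 100) for h, s in sorted(scores.items(), key=lambda kv: -kv[1])}


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    print("beacons:", find_beacons(recs))
    print("exfil:  ", find_exfil(recs))
    print("tor:    ", find_tor(recs, TOR_EXITS))
    print("risk:   ", score_hosts(recs))
```

On real data, run it against a full day of conn.log and tune the thresholds: a strict CV cut-off misses beacons with randomized jitter, so widen max_cv or add a period-histogram check, and raise min_bytes for backup or update servers you have allow-listed.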
Indicators covered: C2 beaconing, TOR exit node connections, data exfiltration, DNS patterns, and per-host risk scoring. Intended for threat hunting and incident investigations.