Detects Living Off The Land (LOTL) attacks abusing legitimate Windows binaries (LOLBins) like certutil, mshta, rundll32, regsvr32. Monitors process creation, command lines, and parent-child relationships for suspicious patterns.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
Monitors suspicious use of legitimate Windows binaries (LOLBins), including certutil, mshta, rundll32, and regsvr32, which are abused in fileless and living-off-the-land attack techniques.
Detects LOLBin/LOLBAS abuse including certutil, regsvr32, mshta, rundll32 via Sysmon telemetry, Sigma rules, and parent-child process analysis for threat hunting.
Detects LOLBin abuse on Windows via Sysmon process monitoring, command-line analysis, and parent-child process relationships. Builds SIEM rules, hunts for fileless attacks, and tunes configurations.
Detects abuse of Windows LOLBins like certutil, rundll32, and mshta in living-off-the-land attacks. Analyzes Sysmon logs, process creation, command lines, and parent-child relations for SIEM rules and threat hunting.