From asi
Detects suspicious Windows service installations (MITRE ATT&CK T1543.003) by parsing System event logs for Event ID 7045, analyzing binary paths, and identifying persistence indicators. Useful for threat hunting and incident response.
npx claudepluginhub plurigrid/asi --plugin asi

This skill uses the workspace's default tool permissions.
Attackers frequently install malicious Windows services for persistence and privilege escalation (MITRE ATT&CK T1543.003 — Create or Modify System Process: Windows Service). Event ID 7045 in the System event log records every new service installation. This skill parses .evtx log files to extract service installation events, flags suspicious binary paths (temp directories, PowerShell, cmd.exe, encoded commands), and correlates with known attack patterns.
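As an added example (not the skill's own code), here is the core of such a detector in Python: it takes event XML of the shape python-evtx's record.xml() returns, keeps only Event ID 7045 records, and scores each ImagePath against the indicators the description names. The sample events, the indicator weights and the helper names are constructed for illustration, and the standard library's ElementTree stands in for lxml so the block runs offline.

```python
import re, xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# ImagePath indicators named in the description; weights are illustrative, not the skill's own.
INDICATORS = [
    (r"\\(temp|tmp|users\\public|programdata)\\", 3, "binary under a temp or world-writable directory"),
    (r"\bpowershell(\.exe)?\b", 2, "PowerShell used as the service binary"),
    (r"\bcmd(\.exe)?\b|%comspec%", 2, "cmd.exe used as the service binary"),
    (r"\s-(e|ec|enc|encodedcommand)\b", 4, "encoded command argument"),
]

def parse_7045(xml_text):
    # Event XML as python-evtx's record.xml() yields it; returns None for any other Event ID.
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7045":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "service": data.get("ServiceName", ""),
        "image_path": data.get("ImagePath", ""),
    }

def score_image_path(path):
    # Every matching indicator adds its weight; the reasons explain the score to the analyst.
    hits = [(w, why) for pat, w, why in INDICATORS if re.search(pat, path, re.IGNORECASE)]
    return sum(w for w, _ in hits), [why for _, why in hits]

def analyze(records):
    # Keep only 7045 installations, score each ImagePath, highest risk first.
    findings = []
    for xml_text in records:
        ev = parse_7045(xml_text)
        if ev is not None:
            ev["score"], ev["reasons"] = score_image_path(ev["image_path"])
            findings.append(ev)
    return sorted(findings, key=lambda ev: ev["score"], reverse=True)

def _event(eid, service, image_path):  # builds a constructed sample event, not real log data
    return (f'<Event xmlns="{NS["e"]}"><System><EventID Qualifiers="16384">{eid}</EventID>'
            '<TimeCreated SystemTime="2024-01-01T10:00:00Z"/><Computer>WS01</Computer></System>'
            f'<EventData><Data Name="ServiceName">{service}</Data>'
            f'<Data Name="ImagePath">{image_path}</Data>'
            '<Data Name="AccountName">LocalSystem</Data></EventData></Event>')

SAMPLE_RECORDS = [  # constructed: one benign install, one suspicious install, one non-7045 event
    _event(7045, "ExampleAgent", r'"C:\Program Files\Example\agent.exe"'),
    _event(7045, "WinUpdateHelper", "%COMSPEC% /c powershell -nop -w hidden -enc BASE64_PLACEHOLDER"),
    _event(7036, "WinUpdateHelper", ""),  # service state change, not an installation
]
```

Feeding it real data means replacing SAMPLE_RECORDS with `record.xml()` for each record of `Evtx(path).records()` from python-evtx.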
Python dependencies: python-evtx, lxml