Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

awesome-dfir-skills

يحتوي awesome-dfir-skills على 8 من skills المجمعة من tsale، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
8
Stars
321
محدث
2026-05-14
Forks
36
التغطية المهنية
1 فئات مهنية · 100% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

admiralty-system
محللو أمن المعلومات

Apply the NATO Admiralty System (AJP-2.1) to assess source reliability and information credibility in cyber threat intelligence, OSINT, and breach analysis. Use this skill whenever you need to evaluate a CTI report, breach claim, dark web forum post, threat actor advertisement, vendor blog, social media intel claim, leaked database listing, or any source plus information pair where trust matters. Trigger phrases include "assess this source", "rate this report", "is this breach real", "evaluate credibility", "source assessment", "should I trust this claim", "admiralty rating", "A1 to F6", and any review of CTI or OSINT material where you need to decide how much weight to give it. Use proactively when the user shares a breach post, threat actor claim, or vendor report and asks for analysis, even if they do not explicitly mention the Admiralty System. Also use when teaching, building courseware, or producing a training example around source evaluation.

2026-05-14
threat-actor-profiling
محللو أمن المعلومات

Build structured threat actor profiles using the 5W1H framework and the Diamond Model. Use this skill whenever the user wants to profile a threat actor, create a TA report, analyze an APT group, build an adversary profile, assess threat actor capability, map TTPs to MITRE ATT&CK for a specific group, or produce any intelligence deliverable about a threat actor. Also trigger when the user mentions threat actor names (e.g. APT29, Lazarus, FIN7), asks about victimology, modus operandi, or wants to structure threat intelligence around an adversary. This skill applies to both internal tracking profiles and incident-driven analytical deliverables.

2026-04-10
osquery-query-helper
محللو أمن المعلومات

Help users write, validate, and troubleshoot osquery SQL queries using provided osquery table schemas as the authoritative source.

2026-02-03
malware-analysis
محللو أمن المعلومات

Professional malware analysis workflow for PE executables and suspicious files. Triggers on file uploads with requests like "analyze this malware", "analyze this sample", "what does this executable do", "check this file for malware", or any request to examine suspicious files. Performs static analysis, threat intelligence triage, behavioral inference, and produces analyst-grade reports with reasoned conclusions.

2026-01-21
analysing-attack
محللو أمن المعلومات

Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence

2026-01-08
windows-intrusion-timeline-targeted
محللو أمن المعلومات

Create a targeted intrusion timeline for a Windows incident using whatever artifacts are available (event logs, EDR, SIEM exports, triage notes).

2025-12-27
suspicious-powershell-hunt-cross-platform-ideas
محللو أمن المعلومات

Hypothesis-driven hunt plan for suspicious PowerShell, plus query snippets for common telemetry.

2025-12-27
initial-incident-intake-scoping
محللو أمن المعلومات

First-hour intake checklist + questions that produce an actionable scope and evidence plan.

2025-12-27