Skip to main content
Run any Skill in Manus
with one click
GitHub repository

awesome-dfir-skills

awesome-dfir-skills contains 8 collected skills from tsale, with repository-level occupation coverage and site-owned skill detail pages.

skills collected
8
Stars
321
updated
2026-05-14
Forks
36
Occupation coverage
1 occupation categories · 100% classified
repository explorer

Skills in this repository

admiralty-system
information-security-analysts

Apply the NATO Admiralty System (AJP-2.1) to assess source reliability and information credibility in cyber threat intelligence, OSINT, and breach analysis. Use this skill whenever you need to evaluate a CTI report, breach claim, dark web forum post, threat actor advertisement, vendor blog, social media intel claim, leaked database listing, or any source plus information pair where trust matters. Trigger phrases include "assess this source", "rate this report", "is this breach real", "evaluate credibility", "source assessment", "should I trust this claim", "admiralty rating", "A1 to F6", and any review of CTI or OSINT material where you need to decide how much weight to give it. Use proactively when the user shares a breach post, threat actor claim, or vendor report and asks for analysis, even if they do not explicitly mention the Admiralty System. Also use when teaching, building courseware, or producing a training example around source evaluation.

2026-05-14
threat-actor-profiling
information-security-analysts

Build structured threat actor profiles using the 5W1H framework and the Diamond Model. Use this skill whenever the user wants to profile a threat actor, create a TA report, analyze an APT group, build an adversary profile, assess threat actor capability, map TTPs to MITRE ATT&CK for a specific group, or produce any intelligence deliverable about a threat actor. Also trigger when the user mentions threat actor names (e.g. APT29, Lazarus, FIN7), asks about victimology, modus operandi, or wants to structure threat intelligence around an adversary. This skill applies to both internal tracking profiles and incident-driven analytical deliverables.

2026-04-10
osquery-query-helper
information-security-analysts

Help users write, validate, and troubleshoot osquery SQL queries using provided osquery table schemas as the authoritative source.

2026-02-03
malware-analysis
information-security-analysts

Professional malware analysis workflow for PE executables and suspicious files. Triggers on file uploads with requests like "analyze this malware", "analyze this sample", "what does this executable do", "check this file for malware", or any request to examine suspicious files. Performs static analysis, threat intelligence triage, behavioral inference, and produces analyst-grade reports with reasoned conclusions.

2026-01-21
analysing-attack
information-security-analysts

Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence

2026-01-08
windows-intrusion-timeline-targeted
information-security-analysts

Create a targeted intrusion timeline for a Windows incident using whatever artifacts are available (event logs, EDR, SIEM exports, triage notes).

2025-12-27
suspicious-powershell-hunt-cross-platform-ideas
information-security-analysts

Hypothesis-driven hunt plan for suspicious PowerShell, plus query snippets for common telemetry.

2025-12-27
initial-incident-intake-scoping
information-security-analysts

First-hour intake checklist + questions that produce an actionable scope and evidence plan.

2025-12-27
awesome-dfir-skills Agent Skills on GitHub | SkillsMP