Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

awesome-dfir-skills

awesome-dfir-skills 收录了来自 tsale 的 8 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
8
Stars
321
更新
2026-05-14
Forks
36
职业覆盖
1 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

admiralty-system
信息安全分析师

Apply the NATO Admiralty System (AJP-2.1) to assess source reliability and information credibility in cyber threat intelligence, OSINT, and breach analysis. Use this skill whenever you need to evaluate a CTI report, breach claim, dark web forum post, threat actor advertisement, vendor blog, social media intel claim, leaked database listing, or any source plus information pair where trust matters. Trigger phrases include "assess this source", "rate this report", "is this breach real", "evaluate credibility", "source assessment", "should I trust this claim", "admiralty rating", "A1 to F6", and any review of CTI or OSINT material where you need to decide how much weight to give it. Use proactively when the user shares a breach post, threat actor claim, or vendor report and asks for analysis, even if they do not explicitly mention the Admiralty System. Also use when teaching, building courseware, or producing a training example around source evaluation.

2026-05-14
threat-actor-profiling
信息安全分析师

Build structured threat actor profiles using the 5W1H framework and the Diamond Model. Use this skill whenever the user wants to profile a threat actor, create a TA report, analyze an APT group, build an adversary profile, assess threat actor capability, map TTPs to MITRE ATT&CK for a specific group, or produce any intelligence deliverable about a threat actor. Also trigger when the user mentions threat actor names (e.g. APT29, Lazarus, FIN7), asks about victimology, modus operandi, or wants to structure threat intelligence around an adversary. This skill applies to both internal tracking profiles and incident-driven analytical deliverables.

2026-04-10
osquery-query-helper
信息安全分析师

Help users write, validate, and troubleshoot osquery SQL queries using provided osquery table schemas as the authoritative source.

2026-02-03
malware-analysis
信息安全分析师

Professional malware analysis workflow for PE executables and suspicious files. Triggers on file uploads with requests like "analyze this malware", "analyze this sample", "what does this executable do", "check this file for malware", or any request to examine suspicious files. Performs static analysis, threat intelligence triage, behavioral inference, and produces analyst-grade reports with reasoned conclusions.

2026-01-21
analysing-attack
信息安全分析师

Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence

2026-01-08
windows-intrusion-timeline-targeted
信息安全分析师

Create a targeted intrusion timeline for a Windows incident using whatever artifacts are available (event logs, EDR, SIEM exports, triage notes).

2025-12-27
suspicious-powershell-hunt-cross-platform-ideas
信息安全分析师

Hypothesis-driven hunt plan for suspicious PowerShell, plus query snippets for common telemetry.

2025-12-27
initial-incident-intake-scoping
信息安全分析师

First-hour intake checklist + questions that produce an actionable scope and evidence plan.

2025-12-27