Detects NTFS timestomping (MITRE T1070.006) by comparing MFT $STANDARD_INFORMATION and $FILE_NAME timestamps using analyzeMFT and Python. For threat hunting anti-forensic activity.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:hunting-for-defense-evasion-via-timestomping
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Detects timestamp tampering by analyzing discrepancies between the $STANDARD_INFORMATION and $FILE_NAME attributes in NTFS MFT entries.
npx claudepluginhub killvxk/cybersecurity-skills-zh
Detects NTFS timestomping (MITRE T1070.006) by comparing $STANDARD_INFORMATION and $FILE_NAME timestamps in MFT using analyzeMFT, MFTECmd, and Python. For threat hunting defense evasion on Windows systems.
Detects NTFS timestamp manipulation (MITRE T1070.006) by comparing MFT $STANDARD_INFORMATION vs $FILE_NAME timestamps using analyzeMFT and Python. Useful for threat hunting and anti-forensic investigation.