Detects domain fronting C2 traffic by analyzing proxy logs for SNI and HTTP Host mismatches, using pyOpenSSL for TLS certificate inspection and CDN provider identification. Useful for threat hunting.
Slash command: /cybersecurity-skills-zh:hunting-for-domain-fronting-c2-traffic
Domain fronting (MITRE ATT&CK T1090.004) is an attack technique in which the attacker uses different domain names in the TLS SNI field and the HTTP Host header, hiding C2 traffic behind a legitimate CDN-hosted domain. This skill detects domain fronting by parsing proxy/web gateway logs for SNI-Host header mismatches, analysing TLS certificates to identify the CDN provider, flagging connections whose SNI points to a high-reputation domain while the Host header points to an attacker-controlled domain, and correlating with known CDN provider IP ranges.
A JSON report containing the detected domain fronting indicators with their SNI-Host pairs, certificate details, CDN provider identification, confidence score and MITRE ATT&CK technique mapping.
Install: npx claudepluginhub killvxk/cybersecurity-skills-zh

Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies, using pyOpenSSL for certificate inspection.
Detects domain fronting C2 traffic by analyzing SNI vs HTTP Host mismatches in proxy logs and TLS certificates using pyOpenSSL. For threat hunting and network security analysis.
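The core of the hunt described above is the SNI-versus-Host comparison over proxy logs. The following is an added example, not the skill's own code: it parses a constructed, simplified proxy-log format (timestamp, client IP, server IP, SNI, Host, bytes out), skips ordinary traffic where SNI and Host agree, groups the remaining pairs per client, scores each pair, and emits the JSON report shape the skill describes. The log format, the `CDN_SUFFIXES` list (a placeholder for your own CDN inventory), the scoring weights and the naive registrable-domain helper are all assumptions; the certificate and CDN IP-range correlation steps are not shown because they need network access.

```python
import json
import re
from collections import defaultdict

# Constructed sample proxy-log lines (not real traffic). Assumed format:
#   timestamp client_ip server_ip sni host bytes_out
# Real gateways use their own layouts; adjust LINE_RE accordingly.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 203.0.113.10 www.example-cdn.net www.example-cdn.net 512
2024-05-01T10:00:07Z 10.0.0.5 203.0.113.10 www.example-cdn.net beacon.attacker-example.com 2048
2024-05-01T10:01:07Z 10.0.0.5 203.0.113.10 www.example-cdn.net beacon.attacker-example.com 2096
2024-05-01T10:02:07Z 10.0.0.5 203.0.113.10 www.example-cdn.net beacon.attacker-example.com 2010
2024-05-01T10:02:30Z 10.0.0.9 198.51.100.7 static.example-cdn.net cdn.example-cdn.net 9000
2024-05-01T10:03:00Z 10.0.0.9 198.51.100.7 example.org example.org 1200
this line is malformed and must be skipped
"""

# Constructed placeholder for the CDN-front domains the hunt cares about
# (assumption: in practice populate it from your CDN provider inventory).
CDN_SUFFIXES = {"example-cdn.net"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, server, sni, host, out = m.groups()
    return {"ts": ts, "client": client, "server": server,
            "sni": sni.lower(), "host": host.lower(), "bytes_out": int(out)}


def registrable_domain(name):
    """Naive registrable domain: the last two labels. Assumption only; a
    public suffix list is needed to handle multi-label TLDs such as co.uk."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def score_mismatch(sni, host, hits, cdn_suffixes):
    """Confidence (0..100) that an SNI/Host pair is domain fronting."""
    score = 0
    if sni != host:
        score += 40                       # the core T1090.004 indicator
    if registrable_domain(sni) != registrable_domain(host):
        score += 30                       # Host belongs to another organisation
    else:
        score -= 20                       # edge/origin hostnames of one org
    if registrable_domain(sni) in cdn_suffixes:
        score += 20                       # SNI hides behind a known CDN front
    if hits >= 3:
        score += 10                       # repeated pair looks like beaconing
    return max(0, min(100, score))


def hunt(log_text, cdn_suffixes):
    """Group mismatched (client, sni, host) pairs and score each one."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["sni"] == rec["host"]:
            continue                      # skip junk and ordinary traffic
        groups[(rec["client"], rec["sni"], rec["host"])].append(rec)
    findings = []
    for (client, sni, host), recs in groups.items():
        findings.append({
            "client": client, "sni": sni, "host": host,
            "server_ips": sorted({r["server"] for r in recs}),
            "hits": len(recs),
            "bytes_out": sum(r["bytes_out"] for r in recs),
            "confidence": score_mismatch(sni, host, len(recs), cdn_suffixes),
            "technique": "T1090.004",     # MITRE ATT&CK: Domain Fronting
        })
    return sorted(findings, key=lambda f: f["confidence"], reverse=True)


def to_report(findings):
    """JSON report in the shape a hunting pipeline could ingest."""
    return json.dumps({"findings": findings}, indent=2)


if __name__ == "__main__":
    print(to_report(hunt(SAMPLE_LOG, CDN_SUFFIXES)))
```

On the sample data the repeated `www.example-cdn.net` / `beacon.attacker-example.com` pair from one client scores 100, while the `static.example-cdn.net` / `cdn.example-cdn.net` pair scores 40: both hostnames share a registrable domain, which is what CDN edge and origin names normally look like, so the score is lowered rather than treating every mismatch as equally suspicious.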