Hunts attackers abusing Azure, AWS, GCP, and SaaS platforms for C2, data staging, and exfiltration. Guides EDR/SIEM queries for proactive threat hunting and incident response.
Slash command: /cybersecurity-skills-zh:hunting-for-living-off-the-cloud-techniques

Trigger summary:
- When proactively hunting for indicators of living-off-the-cloud techniques in the environment
| Concept | Description |
|---|---|
| T1102 | Web Service |
| T1567 | Exfiltration Over Web Service |
| T1537 | Transfer Data to Cloud Account |

| Tool | Purpose |
|---|---|
| CrowdStrike Falcon | EDR telemetry and threat detection |
| Microsoft Defender for Endpoint | Advanced threat hunting with KQL |
| Splunk Enterprise | SIEM log analysis with SPL queries |
| Elastic Security | Detection rules and investigation timelines |
| Sysmon | Detailed Windows event monitoring |
| Velociraptor | Endpoint forensic collection and hunting |
| Sigma Rules | Cross-platform detection rule format |
Hunt ID: TH-HUNTIN-[date]-[sequence number]
Technique: T1102
Host: [hostname]
User: [account context]
Evidence: [log entries, process tree, network data]
Risk level: [Critical/High/Medium/Low]
Confidence: [High/Medium/Low]
Recommended action: [contain, investigate, monitor]
Install: npx claudepluginhub killvxk/cybersecurity-skills-zh

Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration across Azure, AWS, GCP, and SaaS platforms using EDR/SIEM tools like CrowdStrike, Splunk, and MDE.