Detects process injection techniques (MITRE T1055) via Sysmon Event IDs 8/10 and EDR telemetry, including CreateRemoteThread, process hollowing, and DLL injection, for threat hunting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:hunting-for-process-injection-techniques
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Process injection (MITRE ATT&CK T1055) allows an attacker to execute code in the address space of another process, achieving defense evasion and privilege escalation. This skill detects injection techniques through Sysmon Event ID 8 (CreateRemoteThread), Event ID 10 (ProcessAccess with suspicious access rights), and analysis of the source-to-target process relationship to distinguish legitimate injection from malicious injection.
npx claudepluginhub killvxk/cybersecurity-skills-zh
Detects process injection techniques (T1055) like CreateRemoteThread, process hollowing, and DLL injection using Sysmon Event IDs 8/10 and EDR telemetry. For threat hunting in security incidents.
Detects process injection techniques (T1055) via Sysmon Event IDs 8 and 10 and EDR telemetry. Guides SOC analysts in hunting, scoring, and reporting injection events.
Detects process injection techniques (T1055) via Sysmon Event IDs 8 and 10 and EDR telemetry. Generates scored JSON reports with MITRE sub-technique mapping.