Detects T1547.001 Windows startup folder persistence by monitoring suspicious file creations, analyzing autoruns entries, and using Python watchdog for real-time filesystem monitoring.
Slash command: `/cybersecurity-skills-zh:hunting-for-startup-folder-persistence`
Attackers use the Windows Startup folder to achieve persistence (MITRE ATT&CK T1547.001, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). Files placed in `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` or `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup` execute automatically when the user logs on. This skill scans the startup directories for suspicious files, monitors changes in real time with Python watchdog, and analyzes file metadata to detect persistence implants.
Dependencies: watchdog, pefile (optional, for PE analysis)

Install command: `npx claudepluginhub killvxk/cybersecurity-skills-zh`