Stats
Actions
Tags
Hunts Webshell deployments on internet-facing servers by analyzing web directory file creations, web server process anomalies, and HTTP patterns. Useful for threat hunting, incident response, and security assessments.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:hunting-for-webshell-activityThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- 主动狩猎环境中 Webshell 活动指标时
| 概念 | 描述 |
|---|---|
| T1505.003 | Web Shell |
| T1190 | 利用面向公众的应用程序 |
| T1059.001 | PowerShell |
| 工具 | 用途 |
|---|---|
| CrowdStrike Falcon | EDR 遥测和威胁检测 |
| Microsoft Defender for Endpoint | 基于 KQL 的高级狩猎 |
| Splunk Enterprise | 使用 SPL 查询的 SIEM 日志分析 |
| Elastic Security | 检测规则和调查时间线 |
| Sysmon | 详细的 Windows 事件监控 |
| Velociraptor | 终端工件收集和狩猎 |
| Sigma Rules | 跨平台检测规则格式 |
狩猎 ID:TH-HUNTIN-[日期]-[序号]
技术:T1505.003
主机:[主机名]
用户:[账户上下文]
证据:[日志条目、进程树、网络数据]
风险等级:[严重/高/中/低]
置信度:[高/中/低]
建议措施:[遏制、调查、监控]
npx claudepluginhub killvxk/cybersecurity-skills-zhHunts for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning, and anomalous HTTP patterns.
Hunts for web shell deployments on internet-facing servers using EDR and SIEM telemetry. Analyzes file creation, suspicious process spawning, and HTTP patterns.
Hunts for web shell deployments on internet-facing servers by analyzing file creation in web directories, suspicious process spawning from web servers, and anomalous HTTP patterns. Useful for threat hunting and incident response.