Stats
Actions
Tags
From cybersecurity-skills
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity, password spray patterns, and geographic distribution of failed logins. Uses statistical analysis on Splunk or raw log data.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:hunting-credential-stuffing-attacksThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require hunting credential stuffing attacks
Analyze authentication logs to detect credential stuffing by identifying patterns of distributed login failures, high IP diversity, and suspicious ASN distribution.
import pandas as pd
from collections import Counter
# Load auth logs
df = pd.read_csv("auth_logs.csv", parse_dates=["timestamp"])
# Credential stuffing indicator: many IPs trying few accounts
ip_per_account = df[df["status"] == "failed"].groupby("username")["source_ip"].nunique()
accounts_under_attack = ip_per_account[ip_per_account > 50]
Key detection indicators:
# Password spray: one password tried across many accounts
spray = df[df["status"] == "failed"].groupby(["source_ip", "password_hash"]).agg(
accounts=("username", "nunique")).reset_index()
sprays = spray[spray["accounts"] > 10]
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skillsDetects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity, password spray patterns, and geographic distribution of failed logins. Uses statistical analysis on Splunk or raw log data.
Detects credential stuffing attacks in auth logs using Python/pandas for IP diversity, login velocity anomalies, password sprays, and geo distribution. For threat hunting or building detection rules.
Detects credential stuffing attacks by analyzing auth logs for login velocity anomalies, ASN diversity, password spray patterns, and geographic distribution of failed logins. Uses statistical analysis on Splunk or raw log data.