From cybersecurity-skills
Detects data staging before exfiltration by monitoring archive creation (7-Zip/RAR), unusual temp folder access, and file consolidation patterns via EDR and process telemetry.
Slash command
/cybersecurity-skills:hunting-for-data-staging-before-exfiltration
Before exfiltrating data, adversaries typically stage collected files in a central location (MITRE ATT&CK T1074). This involves creating archives with tools like 7-Zip, RAR, or tar, consolidating files from multiple directories, and using temporary or hidden staging directories. This skill detects staging behavior by analyzing process creation logs for archiver activity, monitoring file system events in common staging paths, and identifying anomalous file consolidation patterns.
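A sketch of the process-creation side of this hunt, added here as an illustration and not taken from the skill's own code: it parses archiver command lines and flags archives written to a staging path or built from several source directories. The event field names (`host`, `image`, `command_line`), the archiver and staging-path lists, and the three-directory threshold are assumptions.

```python
import ntpath
import shlex
# Assumed archiver names and staging locations (not from the page); tune to your environment.
ARCHIVERS = {"7z.exe", "7za.exe", "rar.exe", "winrar.exe", "tar.exe"}
STAGING_HINTS = ("\\temp\\", "\\programdata\\", "\\users\\public\\", "\\$recycle.bin\\")

def parse_archive_creation(image, command_line):
    """Return (archive_path, source_paths) if the command creates an archive, else None."""
    exe = ntpath.basename(image).lower()
    if exe not in ARCHIVERS:
        return None
    args = [a.strip('"') for a in shlex.split(command_line, posix=False)][1:]
    # tar creates with a short-flag bundle containing 'c'; 7-Zip and RAR use the 'a' command.
    if exe == "tar.exe":
        if not any("c" in a for a in args if a.startswith("-") and not a.startswith("--")):
            return None
        paths = [a for a in args if not a.startswith("-")]
    else:
        if not args or args[0].lower() != "a":
            return None
        paths = [a for a in args[1:] if not a.startswith("-")]
    return (paths[0], paths[1:]) if paths else None

def hunt_staging(events, min_source_dirs=3):
    """Flag archive creation into a staging path or consolidation of many directories."""
    findings = []
    for ev in events:
        parsed = parse_archive_creation(ev["image"], ev["command_line"])
        if parsed is None:
            continue
        archive, sources = parsed
        reasons = []
        if any(hint in archive.lower() for hint in STAGING_HINTS):
            reasons.append("archive written to staging path")
        source_dirs = {ntpath.dirname(s).lower() for s in sources}
        if len(source_dirs) >= min_source_dirs:
            reasons.append(f"consolidates {len(source_dirs)} source directories")
        if reasons:
            findings.append({"host": ev["host"], "archive": archive, "reasons": reasons})
    return findings

SAMPLE_EVENTS = [  # constructed process-creation records, not real telemetry
    {"host": "WS01", "image": r"C:\Program Files\7-Zip\7z.exe", "command_line":
     r'"C:\Program Files\7-Zip\7z.exe" a C:\Users\Public\upd.7z C:\Finance\* C:\HR\* C:\Legal\*'},
    {"host": "WS02", "image": r"C:\Program Files\7-Zip\7z.exe", "command_line":
     r"7z.exe x C:\Users\bob\Downloads\setup.7z"},
    {"host": "SRV3", "image": r"C:\Windows\System32\tar.exe", "command_line":
     r"tar.exe -czf D:\Backups\site.tgz D:\www"},
]
```

Only the WS01 record is flagged; the extraction on WS02 and the single-directory backup on SRV3 are ignored, which is the baseline behaviour a hunter would then tune against known backup jobs.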
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
Hunt for data staging activity before exfiltration by monitoring archive creation (7-Zip/RAR), unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry.
Detects data staging before exfiltration by monitoring 7-Zip/RAR archive creation, temp folder access, file consolidation, and staging patterns via EDR/Sysmon telemetry. For threat hunting in security incidents.