Stats
Actions
Tags
From cybersecurity-skills
Hunts for DNS-based persistence mechanisms (hijacking, dangling CNAMEs, wildcard abuse, zone modifications) using SecurityTrails API and DNS audit logs. Useful for incident response and threat hunting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:hunting-for-dns-based-persistenceThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Attackers establish DNS-based persistence by hijacking DNS records, creating unauthorized subdomains, abusing wildcard DNS entries, or modifying NS delegations to redirect traffic through attacker-controlled infrastructure. These techniques survive credential rotations, endpoint reimaging, and traditional remediation because DNS changes persist independently of compromised hosts. Detection requ...
Attackers establish DNS-based persistence by hijacking DNS records, creating unauthorized subdomains, abusing wildcard DNS entries, or modifying NS delegations to redirect traffic through attacker-controlled infrastructure. These techniques survive credential rotations, endpoint reimaging, and traditional remediation because DNS changes persist independently of compromised hosts. Detection requires passive DNS historical analysis, zone file auditing, and monitoring for unauthorized record modifications. This skill covers hunting methodologies using SecurityTrails passive DNS API, DNS audit logs from Route53/Azure DNS/Cloudflare, and zone transfer analysis.
Export current DNS zone records and establish baseline for all authorized A, AAAA, CNAME, MX, NS, and TXT records.
Use SecurityTrails API to retrieve historical DNS records and identify unauthorized changes, new subdomains, and CNAME records pointing to decommissioned services (dangling CNAMEs).
Compare current records against baseline to identify unauthorized modifications, wildcard records that resolve all subdomains, NS delegation changes, and MX record hijacking.
Correlate DNS anomalies with threat intelligence feeds, check resolution targets against known malicious infrastructure, and validate record ownership.
JSON report listing DNS anomalies with record type, historical changes, risk severity, and remediation recommendations for each finding.
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skillsHunts for DNS-based persistence mechanisms (hijacking, dangling CNAMEs, wildcard abuse, zone modifications) using SecurityTrails API and DNS audit logs. Useful for incident response and threat hunting.
Hunts DNS-based persistence like hijacking, dangling CNAMEs, wildcard abuse, unauthorized zones using SecurityTrails API, passive DNS, and audit logs for threat hunting.
Hunts for DNS-based persistence mechanisms such as hijacking, dangling CNAMEs, wildcard abuse, and zone modifications using SecurityTrails API and DNS audit logs.