From cybersecurity-skills
Hunts for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.
Slash command
/cybersecurity-skills:hunting-for-registry-persistence-mechanisms
- When proactively hunting for indicators of registry persistence mechanisms in the environment
| Concept | Description |
|---|---|
| T1547.001 | Registry Run Keys |
| T1547.004 | Winlogon Helper DLL |
| T1546.012 | IFEO Injection |
| T1546.015 | COM Hijacking |

| Tool | Purpose |
|---|---|
| CrowdStrike Falcon | EDR telemetry and threat detection |
| Microsoft Defender for Endpoint | Advanced hunting with KQL |
| Splunk Enterprise | SIEM log analysis with SPL queries |
| Elastic Security | Detection rules and investigation timeline |
| Sysmon | Detailed Windows event monitoring |
| Velociraptor | Endpoint artifact collection and hunting |
| Sigma Rules | Cross-platform detection rule format |

Hunt ID: TH-HUNTIN-[DATE]-[SEQ]
Technique: T1547.001
Host: [Hostname]
User: [Account context]
Evidence: [Log entries, process trees, network data]
Risk Level: [Critical/High/Medium/Low]
Confidence: [High/Medium/Low]
Recommended Action: [Containment, investigation, monitoring]
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
Hunt for Windows registry persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking. For threat hunting, IR, and security assessments.