How does this skill help with WMI persistence?

It provides specific commands and scripts to enumerate WMI event filters, consumers, and bindings that attackers use to maintain access without writing files to disk.

Which binaries are considered LOLBins?

Common LOLBins (Living Off the Land Binaries) include mshta.exe, certutil.exe, regsvr32.exe, and powershell.exe, which are legitimate Windows tools often abused to execute malicious code.

What is fileless malware?

Fileless malware is a type of malicious activity that uses legitimate programs to infect a computer, staying primarily in memory to avoid detection by traditional file-based scanners.

Does this skill require external tools?

Yes, for full functionality it leverages system data from tools like Sysmon, Volatility 3, and PowerShell Script Block Logging to gather necessary forensic data.

Fileless Malware Detection & Analysis

Name: Fileless Malware Detection & Analysis
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Identifies and analyzes in-memory threats, LOLBin abuse, and registry-resident payloads to detect fileless malware attacks.

This skill provides a specialized toolkit for security analysts and incident responders to detect and investigate malware that operates entirely in memory or via legitimate system tools. It enables Claude to identify 'Living off the Land' (LOLBin) abuse patterns involving binaries like mshta and certutil, analyze WMI-based persistence mechanisms, and locate malicious payloads hidden in the Windows Registry. By bridging the gap between EDR alerts and forensic analysis, it helps users map complex fileless attack chains and build robust Sigma detection rules for enterprise security monitoring.

主な機能

014,121 GitHub stars

02Provides memory forensics workflows for in-memory artifact extraction

03Analyzes WMI event subscriptions for fileless persistence

04Identifies 'Living off the Land' (LOLBin) binary abuse patterns

05Scans Windows Registry for large, encoded malicious payloads

06Generates Sigma detection rules for fileless threat vectors

ユースケース

01Creating proactive detection signatures for LOLBin abuse in SOC environments

02Investigating EDR alerts involving suspicious PowerShell or mshta behavior

03Hunting for advanced persistence mechanisms within WMI or the registry

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-fileless-malware-techniques

For use in Claude.ai and ChatGPT

主な機能

014,121 GitHub stars

02Provides memory forensics workflows for in-memory artifact extraction

03Analyzes WMI event subscriptions for fileless persistence

04Identifies 'Living off the Land' (LOLBin) binary abuse patterns

05Scans Windows Registry for large, encoded malicious payloads

06Generates Sigma detection rules for fileless threat vectors

ユースケース

01Creating proactive detection signatures for LOLBin abuse in SOC environments

02Investigating EDR alerts involving suspicious PowerShell or mshta behavior

03Hunting for advanced persistence mechanisms within WMI or the registry

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-fileless-malware-techniques

For use in Claude.ai and ChatGPT