Does this skill handle complex timestamp calculations?

Yes, it dynamically computes Unix epoch timestamps for relative time ranges (like 'past 24 hours') to ensure LCQL queries are accurate and ready to run.

How does it assist with Detection Engineering?

Once a manual hunt identifies malicious activity, the skill provides the logic and syntax to convert that hunt into a permanent LimaCharlie Detection & Response (D&R) rule.

What is the primary purpose of the Threat Hunter skill?

The Threat Hunter skill helps security professionals conduct proactive investigations in LimaCharlie by generating queries, analyzing telemetry, and creating automated threat detection logic.

Which operating systems does this skill support?

It provides specialized hunting queries and forensic commands for all platforms supported by LimaCharlie, including Windows, Linux, and macOS.

Can I use this to map hunts to the MITRE ATT&CK framework?

Absolutely. The skill includes methodologies and query examples specifically designed to hunt for tactics like persistence, privilege escalation, and exfiltration.

LimaCharlie Threat Hunter

Name: LimaCharlie Threat Hunter
Author: tekgrunt

bytekgrunt

0•

セキュリティとテスト

Conducts proactive threat investigations and builds hypothesis-driven hunts within the LimaCharlie SecOps platform.

The Threat Hunter skill transforms Claude into a specialized security analyst capable of performing advanced network and endpoint investigations. It guides users through the entire hunting lifecycle—from developing hypotheses based on MITRE ATT&CK tactics to constructing complex LCQL queries and converting successful findings into automated Detection & Response (D&R) rules. By automating precise timestamp calculations and providing structured forensic methodologies, it enables security teams to identify sophisticated threats that bypass traditional security controls, such as LOLBins, LSASS access, and suspicious parent-child process relationships.

主な機能

010 GitHub stars

02Behavioral pattern analysis for identifying Living-off-the-Land (LOLBin) abuse and C2 beaconing.

03Dynamic LCQL query construction with automatic Unix epoch timestamp calculation.

04Forensic deep-dives using sensor commands for memory strings, file hashes, and process trees.

05Hypothesis-driven investigation workflows aligned with MITRE ATT&CK tactics.

06Detection engineering to convert manual hunts into automated D&R rules.

ユースケース

01Investigating suspicious PowerShell execution or encoded command-line activity across an enterprise fleet.

02Building automated security detections based on newly discovered indicators of compromise or behavioral anomalies.

03Searching for persistence mechanisms and lateral movement using Windows Event Logs and network telemetry.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tekgrunt/boot-test threat-hunter

For use in Claude.ai and ChatGPT

Download Skill