Do I need specific tools to use this skill effectively?

Yes, for best results you should have Sysmon, Windows Security Event logs (4697, 4698), and forensic tools like Sysinternals Autoruns or Velociraptor.

How does it help in incident response scenarios?

It provides a structured workflow to identify all methods an attacker might use to maintain access after an initial breach, ensuring complete eviction from the network.

What persistence locations does this skill cover?

It covers Registry run keys, startup folders, Windows services, scheduled tasks, WMI subscriptions, COM hijacking, IFEO injection, and DLL search order hijacking.

Is this skill aligned with industry security frameworks?

Absolutely, it is mapped to multiple frameworks including MITRE ATT&CK, NIST CSF 2.0, D3FEND, and NIST AI RMF.

Windows Persistence Threat Hunting

Name: Windows Persistence Threat Hunting
Author: mukul975

bymukul975

•

4,121

•

보안 및 테스팅

Identifies and analyzes hidden persistence mechanisms in Windows environments to detect unauthorized backdoors and dormant threats.

This skill provides specialized guidance for cybersecurity professionals to systematically hunt for adversary persistence across Windows endpoints. It covers a wide range of techniques including registry run keys, malicious services, scheduled tasks, WMI event subscriptions, and COM hijacking. By mapping activities to MITRE ATT&CK and NIST frameworks, it helps users baseline legitimate system behavior, identify anomalies, and investigate suspicious entries using tools like Sysmon, Autoruns, and EDR platforms, ensuring a proactive defense against long-term attacker access.

주요 기능

01Integration guidance for Sysmon, EDR, and Windows Event Logs

024,121 GitHub stars

03Systematic workflow for baselining and anomaly detection

04Detailed investigation steps for Registry, WMI, and COM hijacking

05Comprehensive mapping to MITRE ATT&CK persistence techniques

06Standardized output format for hunt reporting and remediation

사용 사례

01Investigating unauthorized changes to services, scheduled tasks, or startup folders

02Post-incident forensics to identify all persistent artifacts left by an attacker

03Proactive hunting for dormant backdoors during periodic security assessments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills hunting-for-persistence-mechanisms-in-windows

For use in Claude.ai and ChatGPT

주요 기능

01Integration guidance for Sysmon, EDR, and Windows Event Logs

024,121 GitHub stars

03Systematic workflow for baselining and anomaly detection

04Detailed investigation steps for Registry, WMI, and COM hijacking

05Comprehensive mapping to MITRE ATT&CK persistence techniques

06Standardized output format for hunt reporting and remediation

사용 사례

01Investigating unauthorized changes to services, scheduled tasks, or startup folders

02Post-incident forensics to identify all persistent artifacts left by an attacker

03Proactive hunting for dormant backdoors during periodic security assessments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills hunting-for-persistence-mechanisms-in-windows

For use in Claude.ai and ChatGPT