Which data sources does this skill monitor?

It analyzes telemetry from Windows Security Event Logs, Sysmon, EDR platforms like CrowdStrike or Microsoft Defender for Endpoint, and SIEM logs like Splunk or Elastic.

Does it support automated response?

While primarily focused on detection and hunting, the skill provides recommended actions for containment and investigation to guide the manual response process.

Can this skill be used with GitHub Copilot?

Yes, this skill follows the agentskills.io standard and works with Claude Code, GitHub Copilot, Cursor, and other major AI agent platforms.

What is Kerberoasting?

Kerberoasting is a post-exploitation technique where attackers request service tickets (TGS) for accounts with Service Principal Names (SPNs) in order to crack the account passwords offline.

Kerberoasting Attack Detection

Name: Kerberoasting Attack Detection
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Detects Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts for offline password cracking.

This skill provides specialized guidance for threat hunting teams and security analysts to identify Kerberoasting techniques (MITRE ATT&CK T1558). It enables AI agents to assist in monitoring environment-wide Kerberos traffic, analyzing anomalous service ticket requests, and correlating EDR or SIEM telemetry to find indicators of credential access. By streamlining the detection workflow—from hypothesis formulation to incident reporting—it helps organizations proactively secure Active Directory environments against sophisticated credential theft and lateral movement.

主要功能

014,121 GitHub stars

02Multi-platform support for EDR and SIEM telemetry integration

03Mapping to MITRE ATT&CK, NIST CSF, and D3FEND frameworks

04Automated threat hunting workflows for Kerberos TGS request anomalies

05Structured output formats for incident reporting and documentation

06Advanced correlation of process and network telemetry for high-confidence detection

使用场景

01Proactive threat hunting for Active Directory credential access

02Purple team exercises and periodic security posture assessments

03Incident response investigations following suspicious service account activity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-kerberoasting-attacks

For use in Claude.ai and ChatGPT

主要功能

014,121 GitHub stars

02Multi-platform support for EDR and SIEM telemetry integration

03Mapping to MITRE ATT&CK, NIST CSF, and D3FEND frameworks

04Automated threat hunting workflows for Kerberos TGS request anomalies

05Structured output formats for incident reporting and documentation

06Advanced correlation of process and network telemetry for high-confidence detection

使用场景

01Proactive threat hunting for Active Directory credential access

02Purple team exercises and periodic security posture assessments

03Incident response investigations following suspicious service account activity

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-kerberoasting-attacks

For use in Claude.ai and ChatGPT