Does this skill handle complex timestamp calculations?

Yes, it dynamically computes Unix epoch timestamps for relative time ranges (like 'past 24 hours') to ensure LCQL queries are accurate and ready to run.

How does it assist with Detection Engineering?

Once a manual hunt identifies malicious activity, the skill provides the logic and syntax to convert that hunt into a permanent LimaCharlie Detection & Response (D&R) rule.

What is the primary purpose of the Threat Hunter skill?

The Threat Hunter skill helps security professionals conduct proactive investigations in LimaCharlie by generating queries, analyzing telemetry, and creating automated threat detection logic.

Which operating systems does this skill support?

It provides specialized hunting queries and forensic commands for all platforms supported by LimaCharlie, including Windows, Linux, and macOS.

Can I use this to map hunts to the MITRE ATT&CK framework?

Absolutely. The skill includes methodologies and query examples specifically designed to hunt for tactics like persistence, privilege escalation, and exfiltration.

LimaCharlie Threat Hunter

Name: LimaCharlie Threat Hunter
Author: tekgrunt

bytekgrunt

安全与测试

Conducts proactive threat investigations and builds hypothesis-driven hunts within the LimaCharlie SecOps platform.

关于

The Threat Hunter skill transforms Claude into a specialized security analyst capable of performing advanced network and endpoint investigations. It guides users through the entire hunting lifecycle—from developing hypotheses based on MITRE ATT&CK tactics to constructing complex LCQL queries and converting successful findings into automated Detection & Response (D&R) rules. By automating precise timestamp calculations and providing structured forensic methodologies, it enables security teams to identify sophisticated threats that bypass traditional security controls, such as LOLBins, LSASS access, and suspicious parent-child process relationships.

主要功能

0 GitHub stars
Behavioral pattern analysis for identifying Living-off-the-Land (LOLBin) abuse and C2 beaconing.
Dynamic LCQL query construction with automatic Unix epoch timestamp calculation.
Forensic deep-dives using sensor commands for memory strings, file hashes, and process trees.
Hypothesis-driven investigation workflows aligned with MITRE ATT&CK tactics.
Detection engineering to convert manual hunts into automated D&R rules.

使用场景

Investigating suspicious PowerShell execution or encoded command-line activity across an enterprise fleet.
Building automated security detections based on newly discovered indicators of compromise or behavioral anomalies.
Searching for persistence mechanisms and lateral movement using Windows Event Logs and network telemetry.

关于

主要功能

0 GitHub stars
Behavioral pattern analysis for identifying Living-off-the-Land (LOLBin) abuse and C2 beaconing.
Dynamic LCQL query construction with automatic Unix epoch timestamp calculation.
Forensic deep-dives using sensor commands for memory strings, file hashes, and process trees.
Hypothesis-driven investigation workflows aligned with MITRE ATT&CK tactics.
Detection engineering to convert manual hunts into automated D&R rules.

使用场景

Investigating suspicious PowerShell execution or encoded command-line activity across an enterprise fleet.
Building automated security detections based on newly discovered indicators of compromise or behavioral anomalies.
Searching for persistence mechanisms and lateral movement using Windows Event Logs and network telemetry.