Can this skill help with HTML smuggling detection?

Yes, it includes specific scenarios for detecting advanced delivery methods like HTML smuggling and QR code-based phishing.

Does it provide a standardized reporting format?

Yes, it generates a structured 'Hunt ID' report including host context, evidence logs, risk levels, and recommended remediation actions.

What primary techniques does this skill focus on?

This skill focuses on MITRE ATT&CK T1566, specifically hunting for spearphishing attachments, links, and attacks delivered via services.

Which security tools are compatible with this workflow?

The skill is designed to work with enterprise-grade tools including CrowdStrike Falcon, Microsoft Defender for Endpoint, Splunk, Elastic Security, and Sysmon.

Spearphishing Threat Hunting

Name: Spearphishing Threat Hunting
Author: micsapp

bymicsapp

0•

安全与测试

Hunts for spearphishing campaign indicators across email, endpoint, and network telemetry to detect and document targeted cyber attacks.

The Spearphishing Threat Hunting skill provides a structured framework for security analysts to identify stealthy initial access attempts within their environment. By correlating data from EDR platforms, SIEM logs, and Sysmon, this skill guides Claude in executing a complete hunting workflow—from hypothesis generation to evidence documentation. It specifically targets MITRE ATT&CK T1566 techniques, enabling the detection of advanced threats like HTML smuggling, macro-enabled payloads, and QR code phishing that often bypass traditional perimeter defenses.

主要功能

010 GitHub stars

02Guided detection for complex scenarios like HTML smuggling and LNK payloads

03Standardized hunt reporting format for incident response and documentation

04Alignment with MITRE ATT&CK techniques T1566.001, .002, and .003

05Integration strategies for major tools like CrowdStrike, Splunk, and Sentinel

06Multi-source telemetry correlation across EDR, SIEM, and Sysmon logs

使用场景

01Scoping the impact of a spearphishing campaign during an active incident response investigation

02Proactively searching for stealthy indicators of compromise following a threat intelligence briefing

03Conducting periodic security assessments and purple team exercises to validate email security controls

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills hunting-for-spearphishing-indicators

For use in Claude.ai and ChatGPT

主要功能

010 GitHub stars

02Guided detection for complex scenarios like HTML smuggling and LNK payloads

03Standardized hunt reporting format for incident response and documentation

04Alignment with MITRE ATT&CK techniques T1566.001, .002, and .003

05Integration strategies for major tools like CrowdStrike, Splunk, and Sentinel

06Multi-source telemetry correlation across EDR, SIEM, and Sysmon logs

使用场景

01Scoping the impact of a spearphishing campaign during an active incident response investigation

02Proactively searching for stealthy indicators of compromise following a threat intelligence briefing

03Conducting periodic security assessments and purple team exercises to validate email security controls

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills hunting-for-spearphishing-indicators

For use in Claude.ai and ChatGPT