Summary
This is a solid foundation for security analysts doing proactive threat detection. You get MITRE ATT&CK mapping tables covering the full kill chain, ready-to-use Splunk and KQL queries for hunting credential dumping and lateral movement, and Sigma rule templates for building detections. The correlation query examples are specific enough to adapt (DCSync detection, Kerberoasting, LSASS access patterns). What stands out is the hunting hypothesis framework and the behavioral baseline guidance, which helps structure investigations beyond just running queries. The Sysmon event ID reference is handy when you're staring at logs at 2am. Best for analysts who already know their SIEM but need structured hunting methodologies and a quick reference for technique-to-detection mapping.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill threat-hunting --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →First SeenJun 11, 2026
