detection-engineer
v1.0.0 (verified; source: Git), by @gl0bal01

URL: openbooklet.com/s/detection-engineer
Pinned: openbooklet.com/s/detection-engineer@1.0.0
API: GET /api/v1/skills/detection-engineer

Create detection rules and hunting queries from malware analysis findings. Use when you need to write Sigma rules for SIEM, Suricata rules for network IDS, defang IOCs for safe sharing, or convert analysis findings into actionable detection content for SOC teams and threat hunters.
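As an added worked example (this is not the skill's own code and not taken from the gl0bal01 repository), the Python below shows the three mechanical pieces the description refers to: the usual defang/refang conventions (hxxp, [.], [@], [://]) written so that defanging is idempotent and round-trips, an IPv4 extractor that accepts defanged analyst notes and rejects look-alikes such as 999.1.1.1, and rendering of a Suricata dns.query rule from a C2 domain. Every indicator is constructed from reserved example domains and the 192.0.2.0/24 documentation range; the SID and rule message are placeholders.

```python
import re

# Constructed sample indicators for illustration only; none of these are real
# malware infrastructure (example.com/.net/.org and 192.0.2.0/24 are reserved).
SAMPLE_IOCS = [
    "http://malicious.example.com/payload.exe",
    "https://c2.example.net:8443/gate.php",
    "192.0.2.44",
    "update.example.org",
    "ops@example.com",
]

_SCHEME_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)
_DEFANGED_SCHEME = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
# Bracketed dots in the common styles seen in reports: [.] (.) {.} [dot]
_DOT_RE = re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.IGNORECASE)
# Candidate IPv4 addresses; the 0-255 octet range is checked separately.
_IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def refang(ioc: str) -> str:
    """Restore a defanged indicator to its live form (no-op on clean input)."""
    s = ioc.strip()
    s = _DOT_RE.sub(".", s)
    s = s.replace("[@]", "@").replace("(@)", "@")
    s = s.replace("[://]", "://").replace("[:]//", "://")
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)  # also turns hxxps into https
    s = re.sub(r"^fxp", "ftp", s, flags=re.IGNORECASE)
    return s


def defang(ioc: str) -> str:
    """Neutralise an indicator so it is neither clickable nor auto-resolved.

    Refangs first so the function is idempotent: defang(defang(x)) == defang(x).
    Only the scheme, host and '@' are altered; the URL path stays readable.
    """
    s = refang(ioc)
    m = _SCHEME_RE.match(s)
    if m:
        scheme = m.group(1).lower()
        host, sep, path = s[m.end():].partition("/")
        return _DEFANGED_SCHEME[scheme] + "[://]" + host.replace(".", "[.]") + sep + path
    if "@" in s:
        local, _, domain = s.rpartition("@")
        return local + "[@]" + domain.replace(".", "[.]")
    return s.replace(".", "[.]")


def extract_ipv4(text: str) -> list:
    """Pull valid IPv4 addresses out of free text, defanged forms included.

    Rejects look-alikes such as 999.1.1.1 and keeps first-seen order without duplicates.
    """
    seen, out = set(), []
    for m in _IPV4_RE.finditer(refang(text)):
        ip = m.group(0)
        if ip not in seen and all(int(octet) <= 255 for octet in ip.split(".")):
            seen.add(ip)
            out.append(ip)
    return out


def suricata_dns_rule(domain: str, sid: int, msg: str) -> str:
    """Render a Suricata 5+ DNS query rule (dns.query sticky buffer) for a C2 domain.

    The domain is refanged first so a rule built from a defanged report is not
    silently broken; sid/msg are supplied by the caller (placeholders in the demo).
    """
    d = refang(domain)
    return (f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
            f'content:"{d}"; nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for ioc in SAMPLE_IOCS:
        print(f"{ioc:45} -> {defang(ioc)}")
    # Constructed analyst note mixing defanged, bogus and internal addresses.
    notes = "Beacons to 192[.]0[.]2[.]44 (also seen 999.1.1.1, bogus) and 10.0.0.1"
    print(extract_ipv4(notes))
    print(suricata_dns_rule("c2[.]example[.]net", 1000001, "Constructed C2 domain lookup"))
```

Defanging only the host portion keeps file names such as payload.exe readable in a report while still breaking auto-linking; refanging before defanging is what makes repeated runs over already-shared indicators safe.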

Skills in the same repository

detection-engineer (this skill)

Malware Analysis Orchestrator

Single entry point for malware analysis engagements. Routes to specialized sub-skills, carries findings between phases, and manages multi-sample workflows.

malware-dynamic-analysis (malware-dynamic-analysis/SKILL.md)

Execute and monitor malware in controlled sandbox environments. Use when you need to observe runtime behavior, capture network traffic, monitor process activity, analyze file/registry changes, or understand actual malware functionality beyond static analysis. Guides safe execution with Procmon, Wireshark, Process Hacker, Sysmon, and automated sandboxes.

malware-report-writer (malware-report-writer/SKILL.md)

Professional malware analysis report creation for enterprise malware analysis and incident response. Use when the user needs to create, structure, or improve a malware analysis report, write technical documentation for malware samples, create executive summaries, or format IOCs and detection rules for professional delivery.

malware-triage (malware-triage/SKILL.md)

Systematic malware triage and initial assessment workflow for professional malware analysis. Use when the user needs to perform initial malware assessment, classify samples, determine analysis priority, identify quick indicators, or decide on next analysis steps. Also use for rapid malware identification and threat classification.

specialized-file-analyzer (specialized-file-analyzer/SKILL.md)

Analyze specialized file types beyond standard PE executables: .NET assemblies, Office macros, PDFs, PowerShell scripts, JavaScript, archives, and Linux ELF binaries. Use when you encounter documents, scripts, or non-Windows executables that require format-specific analysis tools and techniques.

Auto-indexed from gl0bal01/malware-analysis-claude-skills


Related Skills

graceful-error-recovery (@openbooklet)

Use this skill when a tool call, command, or API request fails. Diagnose the root cause systematically before retrying or changing approach. Do not retry the same failing call without first understanding why it failed.

audience-aware-communication (@openbooklet)

Use this skill when writing any explanation, documentation, or response that will be read by someone else. Match vocabulary, depth, and format to the audience's expertise level before writing.

Refactoring Expert (@openbooklet)

Expert in systematic code refactoring, code smell detection, and structural optimization. Use PROACTIVELY when encountering duplicated code, long methods, complex conditionals, or any code quality issues. Detects code smells and applies proven refactoring techniques without changing external behavior.

Research Expert (@openbooklet)

Specialized research expert for parallel information gathering. Use for focused research tasks with clear objectives and structured output requirements.

clarify-ambiguous-requests (@openbooklet)

Use this skill when the user's request is ambiguous, under-specified, or could be interpreted in multiple ways. If proceeding with a wrong assumption would waste significant work, always ask exactly one focused clarifying question before doing anything.

structured-step-by-step-reasoning (@openbooklet)

Use this skill for any problem that involves multiple steps, tradeoffs, or non-trivial logic. Think out loud before answering to improve accuracy and transparency. Apply whenever the answer is not immediately obvious.