active-directory-skill
CommunityMaster AD attack & detection with ELK insights
System Documentation
What problem does it solve?
This skill provides a comprehensive framework for understanding Active Directory attack techniques and Windows event-log based detections, equipping security teams to analyze incidents and implement ELK-integrated defenses.
Core Features & Use Cases
- Kerberos-based attack coverage (TGT/ST/AS-REQ/PK) and authentication flows, with detection guidance.
- Domain trust abuse, LDAP operations, privilege escalation, persistence techniques, and log-analysis detections.
- ELK integration for SIEM workflows: Kibana dashboards and detection queries to support incident response and threat hunting.
Quick Start
Load the Active Directory Attack & Detection Skill into your agent and ask for practical detection guidance. Example: "Show me Kibana queries to detect Kerberoasting in Windows Event Logs." Another example: "Provide a detection plan for Pass-the-Ticket events using Event IDs 4769 and 4624."
Dependency Matrix
Required Modules
None requiredComponents
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: active-directory-skill Download link: https://github.com/SeeKT/Active-Directory-Forge-Ticket-Agent-ELK/archive/main.zip#active-directory-skill Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.