defensive-rce
CommunityDetect web RCE and triage fast.
Data & Analytics#command-injection#process-spawning#kql#sigma#rce-detection#webshell-detection#yara-detections
Authorriparino
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Detect and triage remote code execution attempts targeting web applications by correlating web process spawning, command injection signals, and webshell indicators.
Core Features & Use Cases
- RCE detection: Identify web server process spawning unauthorized system utilities and suspicious child processes.
- Webshell detection: Detect webshell deployment via file changes, YARA matches, and HTTP interactions.
- Threat mapping: Align findings to MITRE ATT&CK T1190, T1505.003, T1059, with Sigma/KQL/YARA artifacts for SOC triage.
Quick Start
Load the full RCE detection methodology against your telemetry to trigger detections and triage incidents.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: defensive-rce Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#defensive-rce Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.