detecting-fileless-malware-techniques

Installation
SKILL.md

Detecting Fileless Malware Techniques

When to Use

  • EDR alerts indicate suspicious behavior from trusted system binaries (PowerShell, mshta, wmic, regsvr32)
  • Investigating attacks that leave no traditional malware files on disk
  • Analyzing WMI event subscriptions, registry-stored payloads, or scheduled task abuse for persistence
  • Building detection rules for LOLBin (Living Off the Land Binary) abuse in enterprise environments
  • Memory forensics reveals malicious code but no corresponding files exist on the filesystem

Do not use for traditional file-based malware; standard static and dynamic analysis methods are more appropriate for disk-resident malware.

Prerequisites

Installs
33
GitHub Stars
24.2K
First Seen
Mar 18, 2026
detecting-fileless-malware-techniques — mukul975/anthropic-cybersecurity-skills