Hunting for Data Staging Before Exfiltration

Overview

Before exfiltrating data, adversaries typically stage collected files in a central location (MITRE ATT&CK T1074). This involves creating archives with tools like 7-Zip, RAR, or tar, consolidating files from multiple directories, and using temporary or hidden staging directories. This skill detects staging behavior by analyzing process creation logs for archiver activity, monitoring file system events in common staging paths, and identifying anomalous file consolidation patterns.
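
As an added illustration (not code from the skill or from the mukul975/anthropic-cybersecurity-skills repository), the Python hunt below runs the three checks the overview describes over a constructed sample of process-creation and file-creation events: archiver executions writing an archive into a temporary, public or hidden directory, and one process dropping many files into such a directory within a short window. The event schema, field names, paths and sample values are all assumptions made for the example:

```python
"""Hunt for data staging (ATT&CK T1074) in process- and file-creation telemetry.

Added example, not the skill's own code. Event schema and sample log are constructed;
map your own source (e.g. Sysmon Event ID 1 for process create, 11 for file create) onto it.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Archiver binaries commonly used to bundle collected files before exfiltration.
ARCHIVERS = {"7z.exe", "7za.exe", "rar.exe", "winrar.exe", "tar.exe", "tar", "zip", "7z"}

# Temporary, public or hidden (dot-prefixed) directories often used as staging locations.
STAGING_RE = re.compile(
    r"(\\temp\\|\\tmp\\|/tmp/|/var/tmp/|\\users\\public\\|\\programdata\\|[\\/]\.[^\\/]+[\\/])",
    re.IGNORECASE,
)
ARCHIVE_EXT_RE = re.compile(r"\.(7z|rar|zip|tar|tgz|tar\.gz|cab)$", re.IGNORECASE)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # split a command line, keeping quoted paths whole

# Constructed sample telemetry (newline-delimited JSON); hosts, users and paths are made up.
SAMPLE_LOG = r"""
{"ts":"2024-05-01T10:00:01","type":"process","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd /c dir","parent":"explorer.exe"}
{"ts":"2024-05-01T10:01:00","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\explorer.exe","path":"C:\\Users\\alice\\Documents\\notes.docx"}
{"ts":"2024-05-01T10:05:10","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\finance_q1.xlsx"}
{"ts":"2024-05-01T10:05:11","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\finance_q2.xlsx"}
{"ts":"2024-05-01T10:05:12","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\contracts.pdf"}
{"ts":"2024-05-01T10:05:14","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\roster.csv"}
{"ts":"2024-05-01T10:05:15","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\roadmap.pptx"}
{"ts":"2024-05-01T10:05:17","type":"file","op":"create","host":"ws01","user":"alice","image":"C:\\Windows\\System32\\robocopy.exe","path":"C:\\Users\\Public\\stage\\design.vsdx"}
{"ts":"2024-05-01T10:06:30","type":"process","host":"ws01","user":"alice","image":"C:\\Program Files\\7-Zip\\7z.exe","cmdline":"\"C:\\Program Files\\7-Zip\\7z.exe\" a -mx9 C:\\Users\\Public\\stage\\q.7z C:\\Users\\Public\\stage\\*","parent":"powershell.exe"}
{"ts":"2024-05-01T11:00:00","type":"process","host":"ws01","user":"alice","image":"C:\\Program Files\\7-Zip\\7z.exe","cmdline":"\"C:\\Program Files\\7-Zip\\7z.exe\" x C:\\Users\\alice\\Downloads\\tool.7z -oC:\\Users\\alice\\Downloads\\tool","parent":"explorer.exe"}
{"ts":"2024-05-01T12:15:00","type":"process","host":"srv02","user":"bob","image":"/usr/bin/tar","cmdline":"tar -czf /tmp/.cache/backup.tgz /home/bob/projects /srv/share","parent":"bash"}
"""


def parse_events(ndjson: str) -> list[dict]:
    """Parse NDJSON events, convert timestamps, and return them in time order."""
    events = []
    for line in ndjson.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1]


def dirname(path: str) -> str:
    return path[: len(path) - len(basename(path))]


def detect_archiver_staging(events: list[dict]) -> list[dict]:
    """Flag archiver processes whose archive argument points into a staging directory."""
    findings = []
    for ev in events:
        if ev.get("type") != "process" or basename(ev["image"]).lower() not in ARCHIVERS:
            continue
        tokens = [t.strip('"') for t in TOKEN_RE.findall(ev["cmdline"])]
        staged = [t for t in tokens if ARCHIVE_EXT_RE.search(t) and STAGING_RE.search(t)]
        if staged:  # extraction from a user folder (no staging path) is not flagged
            findings.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "parent": ev["parent"], "image": ev["image"], "archive": staged[0]})
    return findings


def detect_consolidation(events: list[dict], window=timedelta(minutes=10), threshold=5) -> list[dict]:
    """Flag one process creating `threshold`+ files in a staging directory within `window`."""
    groups = defaultdict(list)
    for ev in events:
        if ev.get("type") == "file" and ev.get("op") == "create":
            d = dirname(ev["path"])
            if STAGING_RE.search(d):
                groups[(ev["host"], ev["image"], d)].append(ev["ts"])
    findings = []
    for (host, image, d), stamps in groups.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):          # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append({"host": host, "image": image, "directory": d, "files_in_window": best})
    return findings


def hunt(ndjson: str = SAMPLE_LOG) -> dict:
    """Run both detections and return their findings keyed by detection name."""
    events = parse_events(ndjson)
    return {"archiver_staging": detect_archiver_staging(events),
            "consolidation": detect_consolidation(events)}


if __name__ == "__main__":
    for kind, hits in hunt().items():
        for hit in hits:
            print(kind, hit)
```

On the constructed sample this flags the 7-Zip run writing `q.7z` into `C:\Users\Public\stage\`, the `tar` run writing into the hidden `/tmp/.cache/` directory, and robocopy creating six files in the staging directory within seconds, while the extraction into a Downloads folder and the single Documents write stay quiet. `STAGING_RE` and the consolidation threshold are the tuning knobs: `\ProgramData\` and `\Temp\` also carry legitimate installer and updater traffic, so in production pair these hits with the parent process (script hosts spawning archivers) and the user's normal file volume before raising an alert.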

When to Use

  • When investigating security incidents that require hunting for data staging before exfiltration
  • When building detection rules or threat hunting queries for this domain
  • When SOC analysts need structured procedures for this analysis type
  • When validating security monitoring coverage for related attack techniques

Prerequisites

Installs: 18
GitHub Stars: 14.8K
First Seen: Mar 15, 2026
Repository: mukul975/anthropic-cybersecurity-skills (hunting-for-data-staging-before-exfiltration)