tracking-threat-actor-infrastructure

Tracking Threat Actor Infrastructure

Overview

Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, and staging servers. This skill covers using passive DNS, certificate transparency logs, Shodan/Censys scanning, WHOIS analysis, and network fingerprinting to discover, track, and pivot across threat actor infrastructure over time.

When to Use

  • When managing security operations that require tracking threat actor infrastructure
  • When improving security program maturity and operational processes
  • When establishing standardized procedures for security team workflows
  • When integrating threat intelligence or vulnerability data into operations

Prerequisites

Installs: 80
GitHub Stars: 24.2K
First Seen: Mar 15, 2026
tracking-threat-actor-infrastructure — mukul975/anthropic-cybersecurity-skills